summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Gemfile24
-rw-r--r--README.rst6
-rw-r--r--Rakefile6
-rw-r--r--capabilities-map.yaml100
-rw-r--r--ci/common/net-config-multinode-os-net-config.yaml114
-rw-r--r--ci/common/net-config-multinode.yaml4
-rw-r--r--ci/environments/multinode-3nodes.yaml77
-rw-r--r--ci/environments/multinode.yaml48
-rw-r--r--ci/environments/multinode_major_upgrade.yaml48
-rw-r--r--ci/environments/scenario001-multinode.yaml24
-rw-r--r--ci/environments/scenario002-multinode.yaml8
-rw-r--r--ci/environments/scenario003-multinode.yaml6
-rw-r--r--ci/environments/scenario004-multinode.yaml6
-rw-r--r--ci/pingtests/scenario002-multinode.yaml2
-rw-r--r--ci/pingtests/tenantvm_floatingip.yaml142
-rw-r--r--ci/scripts/freeipa_setup.sh32
-rw-r--r--deployed-server/deployed-server-bootstrap-rhel.sh13
-rw-r--r--deployed-server/deployed-server-bootstrap-rhel.yaml22
-rw-r--r--docker/copy-json.py72
-rw-r--r--docker/post.j2.yaml52
-rw-r--r--docker/services/README.rst5
-rw-r--r--docker/services/neutron-ovs-agent.yaml16
-rw-r--r--docker/services/nova-compute.yaml12
-rw-r--r--docker/services/nova-libvirt.yaml8
-rw-r--r--docker/services/services.yaml2
-rw-r--r--environments/auditd.yaml119
-rw-r--r--environments/cinder-dellps-config.yaml31
-rw-r--r--environments/cinder-dellsc-config.yaml4
-rw-r--r--environments/cinder-eqlx-config.yaml17
-rw-r--r--environments/cinder-scaleio-config.yaml35
-rw-r--r--environments/collectd-environment.yaml23
-rw-r--r--environments/contrail/contrail-net.yaml26
-rw-r--r--environments/contrail/contrail-nic-config-compute.yaml167
-rw-r--r--environments/contrail/contrail-services.yaml45
-rw-r--r--environments/contrail/roles_data_contrail.yaml237
-rw-r--r--environments/deployed-server-bootstrap-environment-rhel.yaml7
-rw-r--r--environments/enable-internal-tls.yaml11
-rw-r--r--environments/enable_congress.yaml2
-rw-r--r--environments/enable_tacker.yaml2
-rw-r--r--environments/horizon_password_validation.yaml5
-rw-r--r--environments/host-config-pre-network.j2.yaml6
-rw-r--r--environments/major-upgrade-all-in-one.yaml8
-rw-r--r--environments/major-upgrade-composable-steps.yaml5
-rw-r--r--environments/major-upgrade-converge.yaml6
-rw-r--r--environments/neutron-ml2-fujitsu-fossw.yaml22
-rw-r--r--environments/neutron-ml2-ovn.yaml8
-rw-r--r--environments/neutron-opencontrail.yaml25
-rw-r--r--environments/neutron-opendaylight-l3.yaml14
-rwxr-xr-xenvironments/neutron-sriov.yaml3
-rw-r--r--environments/puppet-ceph.yaml12
-rw-r--r--environments/puppet-pacemaker.yaml1
-rw-r--r--environments/services/ceph-rbdmirror.yaml2
-rw-r--r--environments/services/ec2-api.yaml3
-rw-r--r--environments/services/octavia.yaml9
-rw-r--r--environments/sshd-banner.yaml13
-rw-r--r--environments/tls-endpoints-public-dns.yaml45
-rw-r--r--environments/tls-endpoints-public-ip.yaml45
-rw-r--r--environments/tls-everywhere-endpoints-dns.yaml45
-rw-r--r--extraconfig/nova_metadata/krb-service-principals.yaml84
-rw-r--r--extraconfig/tasks/major_upgrade_block_storage.sh11
-rwxr-xr-xextraconfig/tasks/major_upgrade_ceph_mon.sh82
-rw-r--r--extraconfig/tasks/major_upgrade_ceph_storage.sh106
-rw-r--r--extraconfig/tasks/major_upgrade_compute.sh35
-rw-r--r--extraconfig/tasks/major_upgrade_object_storage.sh42
-rw-r--r--extraconfig/tasks/major_upgrade_pacemaker.yaml48
-rw-r--r--extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml96
-rw-r--r--extraconfig/tasks/tripleo_upgrade_node.sh54
-rwxr-xr-xextraconfig/tasks/yum_update.sh7
-rw-r--r--firstboot/install_vrouter_kmod.yaml105
-rwxr-xr-xnetwork/endpoints/build_endpoint_map.py5
-rw-r--r--network/endpoints/endpoint_data.yaml117
-rw-r--r--network/endpoints/endpoint_map.yaml3300
-rw-r--r--network/service_net_map.j2.yaml78
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml23
-rw-r--r--overcloud.j2.yaml21
-rw-r--r--puppet/controller-role.yaml2
-rw-r--r--puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml8
-rw-r--r--puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml59
-rw-r--r--puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml87
-rw-r--r--puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml86
-rw-r--r--puppet/major_upgrade_steps.j2.yaml206
-rw-r--r--puppet/post-upgrade.j2.yaml27
-rw-r--r--puppet/post.j2.yaml101
-rw-r--r--puppet/puppet-steps.j288
-rw-r--r--puppet/services/README.rst32
-rw-r--r--puppet/services/aodh-api.yaml6
-rw-r--r--puppet/services/aodh-base.yaml2
-rw-r--r--puppet/services/aodh-evaluator.yaml7
-rw-r--r--puppet/services/aodh-listener.yaml7
-rw-r--r--puppet/services/aodh-notifier.yaml7
-rw-r--r--puppet/services/apache-internal-tls-certmonger.yaml39
-rw-r--r--puppet/services/apache.yaml6
-rw-r--r--puppet/services/auditd.yaml34
-rw-r--r--puppet/services/barbican-api.yaml12
-rw-r--r--puppet/services/ceilometer-agent-central.yaml7
-rw-r--r--puppet/services/ceilometer-agent-compute.yaml17
-rw-r--r--puppet/services/ceilometer-agent-notification.yaml7
-rw-r--r--puppet/services/ceilometer-api.yaml6
-rw-r--r--puppet/services/ceilometer-base.yaml3
-rw-r--r--puppet/services/ceilometer-collector.yaml7
-rw-r--r--puppet/services/ceph-external.yaml34
-rw-r--r--puppet/services/ceph-mon.yaml24
-rw-r--r--puppet/services/ceph-osd.yaml44
-rw-r--r--puppet/services/ceph-rgw.yaml26
-rw-r--r--puppet/services/cinder-api.yaml8
-rw-r--r--puppet/services/cinder-backend-dellps.yaml85
-rw-r--r--puppet/services/cinder-backend-dellsc.yaml85
-rw-r--r--puppet/services/cinder-backend-scaleio.yaml111
-rw-r--r--puppet/services/cinder-base.yaml1
-rw-r--r--puppet/services/cinder-scheduler.yaml3
-rw-r--r--puppet/services/cinder-volume.yaml6
-rw-r--r--puppet/services/congress.yaml90
-rw-r--r--puppet/services/database/mongodb.yaml7
-rw-r--r--puppet/services/database/mysql-internal-tls-certmonger.yaml4
-rw-r--r--puppet/services/database/mysql.yaml19
-rw-r--r--puppet/services/disabled/glance-registry.yaml30
-rw-r--r--puppet/services/ec2-api.yaml118
-rw-r--r--puppet/services/glance-api.yaml42
-rw-r--r--puppet/services/gnocchi-api.yaml16
-rw-r--r--puppet/services/gnocchi-base.yaml2
-rw-r--r--puppet/services/gnocchi-metricd.yaml9
-rw-r--r--puppet/services/gnocchi-statsd.yaml7
-rw-r--r--puppet/services/haproxy-internal-tls-certmonger.yaml35
-rw-r--r--puppet/services/haproxy-public-tls-certmonger.yaml4
-rw-r--r--puppet/services/haproxy.yaml9
-rw-r--r--puppet/services/heat-api-cfn.yaml3
-rw-r--r--puppet/services/heat-api-cloudwatch.yaml3
-rw-r--r--puppet/services/heat-api.yaml3
-rw-r--r--puppet/services/heat-base.yaml2
-rw-r--r--puppet/services/heat-engine.yaml6
-rw-r--r--puppet/services/horizon.yaml10
-rw-r--r--puppet/services/ironic-api.yaml11
-rw-r--r--puppet/services/ironic-conductor.yaml13
-rw-r--r--puppet/services/keystone.yaml5
-rw-r--r--puppet/services/logging/fluentd-client.yaml9
-rw-r--r--puppet/services/manila-api.yaml3
-rw-r--r--puppet/services/manila-share.yaml2
-rw-r--r--puppet/services/memcached.yaml15
-rw-r--r--puppet/services/metrics/collectd.yaml120
-rw-r--r--puppet/services/mistral-base.yaml2
-rw-r--r--puppet/services/monitoring/sensu-client.yaml9
-rw-r--r--puppet/services/network/contrail-analytics-database.yaml43
-rw-r--r--puppet/services/network/contrail-analytics.yaml57
-rw-r--r--puppet/services/network/contrail-base.yaml85
-rw-r--r--puppet/services/network/contrail-config.yaml28
-rw-r--r--puppet/services/network/contrail-control.yaml21
-rw-r--r--puppet/services/network/contrail-database.yaml12
-rw-r--r--puppet/services/network/contrail-heat.yaml40
-rw-r--r--puppet/services/network/contrail-neutron-plugin.yaml45
-rw-r--r--puppet/services/network/contrail-provision.yaml39
-rw-r--r--puppet/services/network/contrail-tsn.yaml64
-rw-r--r--puppet/services/network/contrail-vrouter.yaml64
-rw-r--r--puppet/services/network/contrail-webui.yaml30
-rw-r--r--puppet/services/neutron-api.yaml41
-rw-r--r--puppet/services/neutron-compute-plugin-ovn.yaml24
-rw-r--r--puppet/services/neutron-dhcp.yaml8
-rw-r--r--puppet/services/neutron-l3.yaml3
-rw-r--r--puppet/services/neutron-metadata.yaml5
-rw-r--r--puppet/services/neutron-ovs-agent.yaml3
-rw-r--r--puppet/services/neutron-ovs-dpdk-agent.yaml8
-rw-r--r--puppet/services/neutron-plugin-ml2-fujitsu-fossw.yaml78
-rw-r--r--puppet/services/neutron-plugin-ml2-ovn.yaml20
-rw-r--r--puppet/services/neutron-plugin-ml2.yaml10
-rw-r--r--puppet/services/neutron-plugin-opencontrail.yaml74
-rw-r--r--puppet/services/neutron-plugin-plumgrid.yaml2
-rw-r--r--puppet/services/nova-api.yaml138
-rw-r--r--puppet/services/nova-base.yaml16
-rw-r--r--puppet/services/nova-compute.yaml25
-rw-r--r--puppet/services/nova-conductor.yaml20
-rw-r--r--puppet/services/nova-consoleauth.yaml4
-rw-r--r--puppet/services/nova-ironic.yaml8
-rw-r--r--puppet/services/nova-libvirt.yaml1
-rw-r--r--puppet/services/nova-placement.yaml8
-rw-r--r--puppet/services/nova-scheduler.yaml7
-rw-r--r--puppet/services/nova-vnc-proxy.yaml4
-rw-r--r--puppet/services/octavia-api.yaml99
-rw-r--r--puppet/services/octavia-base.yaml62
-rw-r--r--puppet/services/octavia-health-manager.yaml61
-rw-r--r--puppet/services/octavia-housekeeping.yaml70
-rw-r--r--puppet/services/octavia-worker.yaml102
-rw-r--r--puppet/services/pacemaker.yaml31
-rw-r--r--puppet/services/pacemaker/ceph-rbdmirror.yaml47
-rw-r--r--puppet/services/pacemaker/database/mysql.yaml2
-rw-r--r--puppet/services/pacemaker/haproxy.yaml2
-rw-r--r--puppet/services/pacemaker_remote.yaml57
-rw-r--r--puppet/services/panko-api.yaml2
-rw-r--r--puppet/services/panko-base.yaml2
-rw-r--r--puppet/services/sahara-api.yaml4
-rw-r--r--puppet/services/sahara-base.yaml2
-rw-r--r--puppet/services/sahara-engine.yaml7
-rw-r--r--puppet/services/services.yaml5
-rw-r--r--puppet/services/snmp.yaml4
-rw-r--r--puppet/services/sshd.yaml (renamed from puppet/services/neutron-compute-plugin-opencontrail.yaml)13
-rw-r--r--puppet/services/swift-proxy.yaml9
-rw-r--r--puppet/services/swift-ringbuilder.yaml12
-rw-r--r--puppet/services/swift-storage.yaml13
-rw-r--r--puppet/services/tacker.yaml91
-rw-r--r--puppet/services/zaqar.yaml2
-rw-r--r--puppet/upgrade_config.yaml11
-rw-r--r--releasenotes/notes/6.0.0-b52a14a71fc62788.yaml125
-rw-r--r--releasenotes/notes/composable-ha-37e2d7e1f57f5c10.yaml12
-rw-r--r--releasenotes/notes/composable-upgrades-d9ec7c634365e8e0.yaml14
-rw-r--r--releasenotes/notes/deployed-servers-fd47f18204cea105.yaml8
-rw-r--r--releasenotes/notes/ha-by-default-55326e699ee8602c.yaml5
-rw-r--r--releasenotes/notes/ironic-cleaning-network-1e06881df0402221.yaml10
-rw-r--r--releasenotes/notes/keystone_internal-53cc7b24ebdd9df4.yaml9
-rw-r--r--releasenotes/notes/memcached-max-memory-ef6834d17953fca6.yaml7
-rw-r--r--releasenotes/notes/octavia-service-integration-03bd3eb6cfe1efaf.yaml4
-rw-r--r--releasenotes/notes/puppet-auditd-6504295e8c6c7a3b.yaml9
-rw-r--r--roles_data.yaml30
-rw-r--r--test-requirements.txt2
-rwxr-xr-xtools/process-templates.py54
-rwxr-xr-xtools/yaml-validate.py20
-rw-r--r--tox.ini1
214 files changed, 8564 insertions, 1455 deletions
diff --git a/Gemfile b/Gemfile
deleted file mode 100644
index 302ef415..00000000
--- a/Gemfile
+++ /dev/null
@@ -1,24 +0,0 @@
-source 'https://rubygems.org'
-
-group :development, :test do
- gem 'puppetlabs_spec_helper', :require => false
-
- gem 'puppet-lint', '~> 1.1'
- gem 'puppet-lint-absolute_classname-check'
- gem 'puppet-lint-absolute_template_path'
- gem 'puppet-lint-trailing_newline-check'
-
- # Puppet 4.x related lint checks
- gem 'puppet-lint-unquoted_string-check'
- gem 'puppet-lint-leading_zero-check'
- gem 'puppet-lint-variable_contains_upcase'
- gem 'puppet-lint-numericvariable'
-end
-
-if puppetversion = ENV['PUPPET_GEM_VERSION']
- gem 'puppet', puppetversion, :require => false
-else
- gem 'puppet', :require => false
-end
-
-# vim:ft=ruby
diff --git a/README.rst b/README.rst
index 0884267a..b0b7ceb0 100644
--- a/README.rst
+++ b/README.rst
@@ -116,5 +116,11 @@ and should be executed according to the following table:
+----------------+-------------+-------------+-------------+-------------+-----------------+
| zaqar | | X | | | |
+----------------+-------------+-------------+-------------+-------------+-----------------+
+| ec2api | | X | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+
| cephrgw | | X | | X | |
+----------------+-------------+-------------+-------------+-------------+-----------------+
+| tacker | X | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| congress | X | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+
diff --git a/Rakefile b/Rakefile
deleted file mode 100644
index bca6a6c2..00000000
--- a/Rakefile
+++ /dev/null
@@ -1,6 +0,0 @@
-require 'puppetlabs_spec_helper/rake_tasks'
-require 'puppet-lint/tasks/puppet-lint'
-
-PuppetLint.configuration.fail_on_warnings = true
-PuppetLint.configuration.send('disable_80chars')
-PuppetLint.configuration.send('disable_autoloader_layout')
diff --git a/capabilities-map.yaml b/capabilities-map.yaml
index d46a9fdb..cc22ff92 100644
--- a/capabilities-map.yaml
+++ b/capabilities-map.yaml
@@ -370,6 +370,11 @@ topics:
description: Enable C-Fabric in the overcloud
requires:
- overcloud-resource-registry-puppet.yaml
+ - file: environments/neutron-ml2-fujitsu-fossw.yaml
+ title: Fujitsu Neutron plugin for FOS
+ description: Enable FOS in the overcloud
+ requires:
+ - overcloud-resource-registry-puppet.yaml
- title: Nova Extensions
description:
@@ -408,10 +413,10 @@ topics:
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/cinder-dellsc-config.yaml
- title: Cinder Dell Storage Center ISCSI backend
+ title: Cinder Dell EMC Storage Center ISCSI backend
description: >
- Enables a Cinder Dell Storage Center ISCSI backend, configured
- via puppet
+ Enables a Cinder Dell EMC Storage Center ISCSI backend,
+ configured via puppet
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/cinder-hpelefthand-config.yaml
@@ -421,42 +426,77 @@ topics:
via puppet
requires:
- overcloud-resource-registry-puppet.yaml
- - file: environments/cinder-eqlx-config.yaml
- title: Cinder EQLX backend
+ - file: environments/cinder-dellps-config.yaml
+ title: Cinder Dell EMC PS Series backend
description: >
- Enables a Cinder EQLX backend, configured via puppet
+ Enables a Cinder Dell EMC PS Series backend,
+ configured via puppet
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/cinder-iser.yaml
title: Cinder iSER backend
description: >
Enable a Cinder iSER RDMA backend, configured via puppet
+ - file: environments/cinder-scaleio-config.yaml
+ title: Cinder Dell EMC ScaleIO backend
+ description: >
+ Enables a Cinder Dell EMC ScaleIO backend,
+ configured via puppet
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Externally managed Ceph
+ - title: Ceph
description: >
- Enable the use of an externally managed Ceph cluster
+ Enable the use of Ceph in the overcloud
environments:
- file: environments/puppet-ceph-external.yaml
title: Externally managed Ceph
- description:
+ description: >
+ Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Ceph Devel
+ - file: environments/puppet-ceph.yaml
+ title: TripleO managed Ceph
+ description: >
+ Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or
+ use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
+ colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - title: CephMDS
description: >
- Enable a Ceph storage cluster using the controller and 2 ceph nodes.
- Rbd backends are enabled for Cinder, Glance, and Nova.
+ Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
+ filesystems hosted in Ceph.
environments:
- - file: environments/puppet-ceph-devel.yaml
- title: Ceph Devel
+ - file: environments/services/ceph-mds.yaml
+ title: Deploys CephMDS
description:
requires:
+ - environments/puppet-ceph.yaml
+ - title: Ceph Rados Gateway
+ description: >
+ Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
+ which stores data in the Ceph cluster.
+ environments:
+ - file: environments/ceph-radosgw.yaml
+ title: Deploys CephRGW
+ description:
+ requires:
+ - environments/puppet-ceph.yaml
+ - title: Manila with CephFS
+ description: >
+ Deploys Manila and configures it with the CephFS driver. This requires the deployment of
+ Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
+ environments:
+ - file: environments/manila-cephfsnative-config.yaml
+ title: Deploys Manila with CephFS driver
+ description: Deploys Manila and configures CephFS as its default backend.
+ requires:
- overcloud-resource-registry-puppet.yaml
- title: Storage Environment
description: >
Can be used to set up storage backends. Defaults to Ceph used as a
- backend for Cinder, Glance and Nova ephemeral storage. It configures
- for example which services will use Ceph, or if any of the services
+ backend for Cinder, Glance, Nova ephemeral storage and Gnocchi. It
+ configures which services will use Ceph, or if any of the services
will use NFS. And more. Usually requires to be edited by user first.
tags:
- no-gui
@@ -532,3 +572,31 @@ topics:
description:
requires:
- overcloud-resource-registry-puppet.yaml
+
+ - title: Security Options
+ description: Security Hardening Options
+ environment_groups:
+ - title: SSH Banner Text
+ description: Enables population of SSH Banner Text
+ environments:
+ - file: environments/sshd-banner.yaml
+ title: SSH Banner Text
+ description:
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - title: Horizon Password Validation
+ description: Enable Horizon Password validation
+ environments:
+ - file: environments/horizon_password_validation.yaml
+ title: Horizon Password Validation
+ description:
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - title: AuditD Rules
+ description: Management of AuditD rules
+ environments:
+ - file: environments/auditd.yaml
+ title: AuditD Rule Management
+ description:
+ requires:
+ - overcloud-resource-registry-puppet.yaml
diff --git a/ci/common/net-config-multinode-os-net-config.yaml b/ci/common/net-config-multinode-os-net-config.yaml
new file mode 100644
index 00000000..8c50b641
--- /dev/null
+++ b/ci/common/net-config-multinode-os-net-config.yaml
@@ -0,0 +1,114 @@
+heat_template_version: ocata
+
+description: >
+ Software Config to drive os-net-config for a simple bridge configured
+ with a static IP address for the ctlplane network.
+
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ManagementIpSubnet:
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ OvSBridgeMtu:
+ default: 1300
+ description: The mtu of the OvS bridge
+ type: number
+
+resources:
+
+ OsNetConfigImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ list_join:
+ - ''
+ - - |
+ #!/bin/bash
+ function network_config_hook {
+ primary_private_ip=$(cat /etc/nodepool/primary_node_private)
+ sed -i "s/primary_private_ip/$primary_private_ip/" /etc/os-net-config/config.json
+ subnode_private_ip=$(cat /etc/nodepool/node_private)
+ sed -i "s/subnode_private_ip/$subnode_private_ip/" /etc/os-net-config/config.json
+ # We start with an arbitrarily high vni key so that we don't
+ # overlap with Neutron created values. These will also match the
+ # values that we've been using previously from the devstack-gate
+ # code.
+ vni=1000002
+ subnode_index=$(grep -n $(cat /etc/nodepool/node_private) /etc/nodepool/sub_nodes_private | cut -d: -f1)
+ let vni+=$subnode_index
+ sed -i "s/vni/$vni/" /etc/os-net-config/config.json
+ export interface_name="br-ex_$primary_private_ip"
+ # Until we are fully migrated to os-net-config we need to clean
+ # up the old bridge first created by devstack-gate
+ ovs-vsctl del-br br-ex
+ }
+
+ -
+ str_replace:
+ template:
+ get_file: ../../network/scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: ovs_bridge
+ name: bridge_name
+ mtu:
+ get_param: OvSBridgeMtu
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ list_join:
+ - "/"
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ members:
+ - type: ovs_tunnel
+ name: interface_name
+ tunnel_type: vxlan
+ ovs_options:
+ - list_join:
+ - "="
+ - - key
+ - vni
+ - list_join:
+ - "="
+ - - remote_ip
+ - primary_private_ip
+ - list_join:
+ - "="
+ - - local_ip
+ - subnode_private_ip
+
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value: {get_resource: OsNetConfigImpl}
diff --git a/ci/common/net-config-multinode.yaml b/ci/common/net-config-multinode.yaml
index bf947d3e..dc31235a 100644
--- a/ci/common/net-config-multinode.yaml
+++ b/ci/common/net-config-multinode.yaml
@@ -47,7 +47,9 @@ resources:
str_replace:
template: |
#!/bin/bash
- ip addr add CONTROLPLANEIP/CONTROLPLANESUBNETCIDR dev $bridge_name
+ if ! ip addr show dev $bridge_name | grep CONTROLPLANEIP/CONTROLPLANESUBNETCIDR; then
+ ip addr add CONTROLPLANEIP/CONTROLPLANESUBNETCIDR dev $bridge_name
+ fi
params:
CONTROLPLANEIP: {get_param: ControlPlaneIp}
CONTROLPLANESUBNETCIDR: {get_param: ControlPlaneSubnetCidr}
diff --git a/ci/environments/multinode-3nodes.yaml b/ci/environments/multinode-3nodes.yaml
new file mode 100644
index 00000000..f35a0804
--- /dev/null
+++ b/ci/environments/multinode-3nodes.yaml
@@ -0,0 +1,77 @@
+# Specifies which roles (groups of nodes) will be deployed
+# Note this is used as an input to the various *.j2.yaml
+# jinja2 templates, so that they are converted into *.yaml
+# during the plan creation (via a mistral action/workflow).
+#
+# The format is a list, with the following format:
+#
+# * name: (string) mandatory, name of the role, must be unique
+#
+# CountDefault: (number) optional, default number of nodes, defaults to 0
+# sets the default for the {{role.name}}Count parameter in overcloud.yaml
+#
+# HostnameFormatDefault: (string) optional default format string for hostname
+# defaults to '%stackname%-{{role.name.lower()}}-%index%'
+# sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml
+#
+# ServicesDefault: (list) optional default list of services to be deployed
+# on the role, defaults to an empty list. Sets the default for the
+# {{role.name}}Services parameter in overcloud.yaml
+
+- name: ControllerApi
+ CountDefault: 1
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CinderApi
+ - OS::TripleO::Services::CinderScheduler
+ - OS::TripleO::Services::Core
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronMetadataAgent
+ - OS::TripleO::Services::NeutronApi
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::NovaConsoleauth
+ - OS::TripleO::Services::NovaVncProxy
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+
+- name: Controller
+ CountDefault: 1
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CinderBackup
+ - OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Core
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml
new file mode 100644
index 00000000..212f6a23
--- /dev/null
+++ b/ci/environments/multinode.yaml
@@ -0,0 +1,48 @@
+resource_registry:
+ OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
+
+parameter_defaults:
+ ControllerServices:
+ - OS::TripleO::Services::CinderApi
+ - OS::TripleO::Services::CinderScheduler
+ - OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronMetadataAgent
+ - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ ControllerExtraConfig:
+ nova::compute::libvirt::services::libvirt_virt_type: qemu
+ nova::compute::libvirt::libvirt_virt_type: qemu
+ # Required for Centos 7.3 and Qemu 2.6.0
+ nova::compute::libvirt::libvirt_cpu_mode: 'none'
+ SwiftCeilometerPipelineEnabled: False
+ Debug: True
diff --git a/ci/environments/multinode_major_upgrade.yaml b/ci/environments/multinode_major_upgrade.yaml
new file mode 100644
index 00000000..56d04de5
--- /dev/null
+++ b/ci/environments/multinode_major_upgrade.yaml
@@ -0,0 +1,48 @@
+resource_registry:
+ OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Services::Core: multinode-core.yaml
+
+parameter_defaults:
+ ControllerServices:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::Core
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::GlanceRegistry
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronMetadataAgent
+ - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::CinderApi
+ - OS::TripleO::Services::CinderScheduler
+ - OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::SaharaApi
+ - OS::TripleO::Services::SaharaEngine
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ ControllerExtraConfig:
+ nova::compute::libvirt::services::libvirt_virt_type: qemu
+ nova::compute::libvirt::libvirt_virt_type: qemu
+ # Required for Centos 7.3 and Qemu 2.6.0
+ nova::compute::libvirt::libvirt_cpu_mode: 'none'
+ heat::rpc_response_timeout: 600
+ SwiftCeilometerPipelineEnabled: False
+ Debug: True
diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml
index db6967e0..72e25704 100644
--- a/ci/environments/scenario001-multinode.yaml
+++ b/ci/environments/scenario001-multinode.yaml
@@ -1,10 +1,13 @@
resource_registry:
- OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
- OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
OS::TripleO::Services::CephMon: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-mon.yaml
OS::TripleO::Services::CephOSD: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-osd.yaml
OS::TripleO::Services::CephClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-client.yaml
OS::TripleO::Services::PankoApi: /usr/share/openstack-tripleo-heat-templates/puppet/services/panko-api.yaml
+ OS::TripleO::Services::Collectd: /usr/share/openstack-tripleo-heat-templates/puppet/services/metrics/collectd.yaml
+ OS::TripleO::Services::Tacker: /usr/share/openstack-tripleo-heat-templates/puppet/services/tacker.yaml
+ OS::TripleO::Services::Congress: /usr/share/openstack-tripleo-heat-templates/puppet/services/congress.yaml
parameter_defaults:
ControllerServices:
@@ -34,6 +37,7 @@ parameter_defaults:
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
@@ -59,6 +63,11 @@ parameter_defaults:
- OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Tacker
+ - OS::TripleO::Services::Congress
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
@@ -81,3 +90,14 @@ parameter_defaults:
GlanceBackend: rbd
GnocchiBackend: rbd
CinderEnableIscsiBackend: false
+ BannerText: |
+ ******************************************************************
+ * This system is for the use of authorized users only. Usage of *
+ * this system may be monitored and recorded by system personnel. *
+ * Anyone using this system expressly consents to such monitoring *
+ * and is advised that if such monitoring reveals possible *
+ * evidence of criminal activity, system personnel may provide *
+ * the evidence from such monitoring to law enforcement officials.*
+ ******************************************************************
+ CollectdExtraPlugins:
+ - rrdtool
diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml
index 636b3a26..bf4721e2 100644
--- a/ci/environments/scenario002-multinode.yaml
+++ b/ci/environments/scenario002-multinode.yaml
@@ -1,8 +1,9 @@
resource_registry:
- OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
- OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml
OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml
+ OS::TripleO::Services::Ec2Api: ../../puppet/services/ec2-api.yaml
parameter_defaults:
ControllerServices:
@@ -45,6 +46,9 @@ parameter_defaults:
- OS::TripleO::Services::BarbicanApi
- OS::TripleO::Services::MongoDb
- OS::TripleO::Services::Zaqar
+ - OS::TripleO::Services::Ec2Api
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml
index 08e4d19f..9167010c 100644
--- a/ci/environments/scenario003-multinode.yaml
+++ b/ci/environments/scenario003-multinode.yaml
@@ -1,6 +1,6 @@
resource_registry:
- OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
- OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
OS::TripleO::Services::SaharaApi: ../../puppet/services/sahara-api.yaml
OS::TripleO::Services::SaharaEngine: ../../puppet/services/sahara-engine.yaml
OS::TripleO::Services::MistralApi: ../../puppet/services/mistral-api.yaml
@@ -43,6 +43,8 @@ parameter_defaults:
- OS::TripleO::Services::MistralApi
- OS::TripleO::Services::MistralEngine
- OS::TripleO::Services::MistralExecutor
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml
index e97113b0..87b10ca1 100644
--- a/ci/environments/scenario004-multinode.yaml
+++ b/ci/environments/scenario004-multinode.yaml
@@ -1,6 +1,6 @@
resource_registry:
- OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
- OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
OS::TripleO::Services::CephMon: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-mon.yaml
OS::TripleO::Services::CephOSD: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-osd.yaml
OS::TripleO::Services::CephClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-client.yaml
@@ -44,6 +44,8 @@ parameter_defaults:
- OS::TripleO::Services::CephOSD
- OS::TripleO::Services::CephClient
- OS::TripleO::Services::CephRgw
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
diff --git a/ci/pingtests/scenario002-multinode.yaml b/ci/pingtests/scenario002-multinode.yaml
index 7af1ba0c..da1ae60c 100644
--- a/ci/pingtests/scenario002-multinode.yaml
+++ b/ci/pingtests/scenario002-multinode.yaml
@@ -81,7 +81,7 @@ resources:
type: OS::Cinder::EncryptedVolumeType
properties:
volume_type: {get_resource: luks_volume_type}
- provider: nova.volume.encryptors.luks.LuksEncryptor
+ provider: luks
cipher: aes-xts-plain64
control_location: front-end
key_size: 256
diff --git a/ci/pingtests/tenantvm_floatingip.yaml b/ci/pingtests/tenantvm_floatingip.yaml
new file mode 100644
index 00000000..b910d6c1
--- /dev/null
+++ b/ci/pingtests/tenantvm_floatingip.yaml
@@ -0,0 +1,142 @@
+heat_template_version: ocata
+
+description: >
+ This template resides in tripleo-ci for Mitaka CI jobs only.
+ For Newton and beyond, please look in THT.
+ HOT template to create a new neutron network plus a router to the public
+ network, and for deploying a server into the new network. The template also
+ assigns a floating IP address and sets security group rules. ADAPTED FROM
+ https://raw.githubusercontent.com/openstack/heat-templates/master/hot/servers_in_new_neutron_net.yaml
+parameters:
+ key_name:
+ type: string
+ description: Name of keypair to assign to servers
+ default: 'pingtest_key'
+ image:
+ type: string
+ description: Name of image to use for servers
+ default: 'pingtest_image'
+ public_net_name:
+ type: string
+ default: 'nova'
+ description: >
+ ID or name of public network for which floating IP addresses will be allocated
+ private_net_name:
+ type: string
+ description: Name of private network to be created
+ default: 'default-net'
+ private_net_cidr:
+ type: string
+ description: Private network address (CIDR notation)
+ default: '192.168.2.0/24'
+ private_net_gateway:
+ type: string
+ description: Private network gateway address
+ default: '192.168.2.1'
+ private_net_pool_start:
+ type: string
+ description: Start of private network IP address allocation pool
+ default: '192.168.2.100'
+ private_net_pool_end:
+ type: string
+ default: '192.168.2.200'
+ description: End of private network IP address allocation pool
+
+resources:
+
+ key_pair:
+ type: OS::Nova::KeyPair
+ properties:
+ save_private_key: true
+ name: {get_param: key_name }
+
+ private_net:
+ type: OS::Neutron::Net
+ properties:
+ name: { get_param: private_net_name }
+
+ private_subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ network_id: { get_resource: private_net }
+ cidr: { get_param: private_net_cidr }
+ gateway_ip: { get_param: private_net_gateway }
+ allocation_pools:
+ - start: { get_param: private_net_pool_start }
+ end: { get_param: private_net_pool_end }
+
+ router:
+ type: OS::Neutron::Router
+ properties:
+ external_gateway_info:
+ network: { get_param: public_net_name }
+
+ router_interface:
+ type: OS::Neutron::RouterInterface
+ properties:
+ router_id: { get_resource: router }
+ subnet_id: { get_resource: private_subnet }
+
+ volume1:
+ type: OS::Cinder::Volume
+ properties:
+ name: Volume1
+ image: { get_param: image }
+ size: 1
+
+ server1:
+ type: OS::Nova::Server
+ depends_on: volume1
+ properties:
+ name: Server1
+ block_device_mapping:
+ - device_name: vda
+ volume_id: { get_resource: volume1 }
+ flavor: { get_resource: test_flavor }
+ key_name: { get_resource: key_pair }
+ networks:
+ - port: { get_resource: server1_port }
+
+ server1_port:
+ type: OS::Neutron::Port
+ properties:
+ network_id: { get_resource: private_net }
+ fixed_ips:
+ - subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
+
+ server1_floating_ip:
+ type: OS::Neutron::FloatingIP
+ # TODO: investigate why we need this depends_on and if we could
+ # replace it by router_id with get_resource: router_interface
+ depends_on: router_interface
+ properties:
+ floating_network: { get_param: public_net_name }
+ port_id: { get_resource: server1_port }
+
+ server_security_group:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ description: Add security group rules for server
+ name: pingtest-security-group
+ rules:
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: icmp
+
+ test_flavor:
+ type: OS::Nova::Flavor
+ properties:
+ ram: 512
+ vcpus: 1
+
+outputs:
+ server1_private_ip:
+ description: IP address of server1 in private network
+ value: { get_attr: [ server1, first_address ] }
+ server1_public_ip:
+ description: Floating IP address of server1 in public network
+ value: { get_attr: [ server1_floating_ip, floating_ip_address ] }
diff --git a/ci/scripts/freeipa_setup.sh b/ci/scripts/freeipa_setup.sh
index a36493a1..e699841f 100644
--- a/ci/scripts/freeipa_setup.sh
+++ b/ci/scripts/freeipa_setup.sh
@@ -10,6 +10,9 @@
# - HostsSecret
# - ProvisioningCIDR: If set, it adds the given CIDR to the provisioning
# interface (which is hardcoded to eth1)
+# - UsingNovajoin: If unset, we pre-provision the service principals
+# needed for the overcloud deploy. If set, we skip this,
+# since novajoin will do it.
#
set -eux
@@ -19,6 +22,15 @@ elif [ -f "/tmp/freeipa-setup.env" ]; then
source /tmp/freeipa-setup.env
fi
+export Hostname=${Hostname:-""}
+export FreeIPAIP=${FreeIPAIP:-""}
+export DirectoryManagerPassword=${DirectoryManagerPassword:-""}
+export AdminPassword=${AdminPassword:-""}
+export UndercloudFQDN=${UndercloudFQDN:-""}
+export HostsSecret=${HostsSecret:-""}
+export ProvisioningCIDR=${ProvisioningCIDR:-""}
+export UsingNovajoin=${UsingNovajoin:-""}
+
if [ -n "$ProvisioningCIDR" ]; then
# Add address to provisioning network interface
ip link set dev eth1 up
@@ -82,7 +94,9 @@ rm -f /etc/httpd/conf.d/ssl.conf
# Set up FreeIPA
ipa-server-install -U -r `hostname -d|tr "[a-z]" "[A-Z]"` \
-p $DirectoryManagerPassword -a $AdminPassword \
- --hostname `hostname -f`
+ --hostname `hostname -f` \
+ --ip-address=$FreeIPAIP \
+ --setup-dns --auto-forwarders --auto-reverse
# Authenticate
echo $AdminPassword | kinit admin
@@ -94,11 +108,13 @@ if [ "$?" = '1' ]; then
exit 1
fi
-# Create undercloud host
-ipa host-add $UndercloudFQDN --password=$HostsSecret --force
+if [ -z "$UsingNovajoin" ]; then
+ # Create undercloud host
+ ipa host-add $UndercloudFQDN --password=$HostsSecret --force
-# Create overcloud nodes and services
-git clone https://github.com/JAORMX/freeipa-tripleo-incubator.git
-cd freeipa-tripleo-incubator
-python create_ipa_tripleo_host_setup.py -w $HostsSecret -d $(hostname -d) \
- --controller-count 1 --compute-count 1
+ # Create overcloud nodes and services
+ git clone https://github.com/JAORMX/freeipa-tripleo-incubator.git
+ cd freeipa-tripleo-incubator
+ python create_ipa_tripleo_host_setup.py -w $HostsSecret -d $(hostname -d) \
+ --controller-count 1 --compute-count 1
+fi
diff --git a/deployed-server/deployed-server-bootstrap-rhel.sh b/deployed-server/deployed-server-bootstrap-rhel.sh
new file mode 100644
index 00000000..36ff0077
--- /dev/null
+++ b/deployed-server/deployed-server-bootstrap-rhel.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -eux
+
+yum install -y \
+ jq \
+ python-ipaddr \
+ openstack-puppet-modules \
+ os-net-config \
+ openvswitch \
+ python-heat-agent*
+
+ln -s -f /usr/share/openstack-puppet/modules/* /etc/puppet/modules
diff --git a/deployed-server/deployed-server-bootstrap-rhel.yaml b/deployed-server/deployed-server-bootstrap-rhel.yaml
new file mode 100644
index 00000000..2d2f5156
--- /dev/null
+++ b/deployed-server/deployed-server-bootstrap-rhel.yaml
@@ -0,0 +1,22 @@
+heat_template_version: ocata
+
+description: 'Deployed Server Bootstrap Config'
+
+parameters:
+
+ server:
+ type: string
+
+resources:
+
+ DeployedServerBootstrapConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config: {get_file: deployed-server-bootstrap-rhel.sh}
+
+ DeployedServerBootstrapDeployment:
+ type: OS::Heat::SoftwareDeployment
+ properties:
+ config: {get_resource: DeployedServerBootstrapConfig}
+ server: {get_param: server}
diff --git a/docker/copy-json.py b/docker/copy-json.py
deleted file mode 100644
index e85ff11e..00000000
--- a/docker/copy-json.py
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/bin/python
-import json
-import os
-
-data = {}
-file_perms = '0600'
-libvirt_perms = '0644'
-
-libvirt_config = os.getenv('libvirt_config').split(',')
-nova_config = os.getenv('nova_config').split(',')
-neutron_openvswitch_agent_config = os.getenv('neutron_openvswitch_agent_config').split(',')
-
-# Command, Config_files, Owner, Perms
-services = {
- 'nova-libvirt': [
- '/usr/sbin/libvirtd',
- libvirt_config,
- 'root',
- libvirt_perms],
- 'nova-compute': [
- '/usr/bin/nova-compute',
- nova_config,
- 'nova',
- file_perms],
- 'neutron-openvswitch-agent': [
- '/usr/bin/neutron-openvswitch-agent',
- neutron_openvswitch_agent_config,
- 'neutron',
- file_perms],
- 'ovs-vswitchd': [
- '/usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --log-file=/var/log/kolla/openvswitch/ovs-vswitchd.log'],
- 'ovsdb-server': [
- '/usr/sbin/ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/run/openvswitch/db.sock --remote=ptcp:6640:127.0.0.1 --log-file=/var/log/kolla/openvswitch/ovsdb-server.log']
-}
-
-
-def build_config_files(config, owner, perms):
- config_source = '/var/lib/kolla/config_files/'
- config_files_dict = {}
- source = os.path.basename(config)
- dest = config
- config_files_dict.update({'source': config_source + source,
- 'dest': dest,
- 'owner': owner,
- 'perm': perms})
- return config_files_dict
-
-
-for service in services:
- if service != 'ovs-vswitchd' and service != 'ovsdb-server':
- command = services.get(service)[0]
- config_files = services.get(service)[1]
- owner = services.get(service)[2]
- perms = services.get(service)[3]
- config_files_list = []
- for config_file in config_files:
- if service == 'nova-libvirt':
- command = command + ' --config ' + config_file
- else:
- command = command + ' --config-file ' + config_file
- data['command'] = command
- config_files_dict = build_config_files(config_file, owner, perms)
- config_files_list.append(config_files_dict)
- data['config_files'] = config_files_list
- else:
- data['command'] = services.get(service)[0]
- data['config_files'] = []
-
- json_config_dir = '/var/lib/etc-data/json-config/'
- with open(json_config_dir + service + '.json', 'w') as json_file:
- json.dump(data, json_file, sort_keys=True, indent=4,
- separators=(',', ': '))
diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml
index 1ba96e27..dfa8ac2e 100644
--- a/docker/post.j2.yaml
+++ b/docker/post.j2.yaml
@@ -8,7 +8,6 @@ parameters:
servers:
type: json
description: Mapping of Role name e.g Controller to a list of servers
-
role_data:
type: json
description: Mapping of Role name e.g Controller to the per-role data
@@ -19,23 +18,11 @@ parameters:
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
-
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
-
- LibvirtConfig:
- type: string
- default: "/etc/libvirt/libvirtd.conf"
-
- NovaConfig:
- type: string
- default: "/etc/nova/nova.conf,/etc/nova/rootwrap.conf"
-
- NeutronOpenvswitchAgentConfig:
- type: string
- default: "/etc/neutron/neutron.conf,/etc/neutron/plugins/ml2/openvswitch_agent.ini"
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
resources:
@@ -174,31 +161,24 @@ resources:
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: CopyEtcConfig}
- CopyJsonConfig:
- type: OS::Heat::SoftwareConfig
+ {{role.name}}KollaJsonConfig:
+ type: OS::Heat::StructuredConfig
+ depends_on: CopyEtcDeployment
properties:
- group: script
- inputs:
- - name: libvirt_config
- - name: nova_config
- - name: neutron_openvswitch_agent_config
- config: {get_file: ../docker/copy-json.py}
+ group: json-file
+ config:
+ {get_param: [role_data, {{role.name}}, kolla_config]}
- CopyJsonDeployment:
+ {{role.name}}KollaJsonDeployment:
type: OS::Heat::SoftwareDeploymentGroup
- depends_on: CopyEtcDeployment
properties:
- name: CopyJsonDeployment
- config: {get_resource: CopyJsonConfig}
+ name: {{role.name}}KollaJsonDeployment
+ config: {get_resource: {{role.name}}KollaJsonConfig}
servers: {get_param: [servers, {{role.name}}]}
- input_values:
- libvirt_config: {get_param: LibvirtConfig}
- nova_config: {get_param: NovaConfig}
- neutron_openvswitch_agent_config: {get_param: NeutronOpenvswitchAgentConfig}
{{role.name}}ContainersConfig_Step1:
type: OS::Heat::StructuredConfig
- depends_on: CopyJsonDeployment
+ depends_on: {{role.name}}KollaJsonDeployment
properties:
group: docker-cmd
config:
@@ -206,7 +186,7 @@ resources:
{{role.name}}ContainersConfig_Step2:
type: OS::Heat::StructuredConfig
- depends_on: CopyJsonDeployment
+ depends_on: {{role.name}}KollaJsonDeployment
properties:
group: docker-cmd
config:
diff --git a/docker/services/README.rst b/docker/services/README.rst
index 8d1f9e86..60719bfc 100644
--- a/docker/services/README.rst
+++ b/docker/services/README.rst
@@ -32,6 +32,11 @@ are re-asserted when applying latter ones.
* config_settings: Custom hiera settings for this service. These are
used to generate configs.
+ * kolla_config: Contains YAML that represents how to map config files
+ into the kolla container. This config file is typically mapped into
+ the container itself at the /var/lib/kolla/config_files/config.json
+ location and drives how kolla's external config mechanisms work.
+
* step_config: A puppet manifest that is used to step through the deployment
sequence. Each sequence is given a "step" (via hiera('step') that provides
information for when puppet classes should activate themselves.
diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml
index 1c9e60db..0a061f6c 100644
--- a/docker/services/neutron-ovs-agent.yaml
+++ b/docker/services/neutron-ovs-agent.yaml
@@ -43,6 +43,22 @@ outputs:
config_settings: {get_attr: [NeutronOvsAgentBase, role_data, config_settings]}
step_config: {get_attr: [NeutronOvsAgentBase, role_data, step_config]}
puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2
+ kolla_config:
+ /var/lib/etc-data/json-config/neutron-openvswitch-agent.json:
+ command: /usr/bin/neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
+ config_files:
+ - dest: /etc/neutron/neutron.conf
+ owner: neutron
+ perm: '0600'
+ source: /var/lib/kolla/config_files/neutron.conf
+ - dest: /etc/neutron/plugins/ml2/openvswitch_agent.ini
+ owner: neutron
+ perm: '0600'
+ source: /var/lib/kolla/config_files/openvswitch_agent.ini
+ - dest: /etc/neutron/plugins/ml2/ml2_conf.ini
+ owner: neutron
+ perm: '0600'
+ source: /var/lib/kolla/config_files/ml2_conf.ini
docker_config:
step_1:
neutronovsagent:
diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml
index c695c94d..e765609e 100644
--- a/docker/services/nova-compute.yaml
+++ b/docker/services/nova-compute.yaml
@@ -41,6 +41,18 @@ outputs:
config_settings: {get_attr: [NovaComputeBase, role_data, config_settings]}
step_config: {get_attr: [NovaComputeBase, role_data, step_config]}
puppet_tags: nova_config,nova_paste_api_ini
+ kolla_config:
+ /var/lib/etc-data/json-config/nova-compute.json:
+ command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf
+ config_files:
+ - dest: /etc/nova/nova.conf
+ owner: nova
+ perm: '0600'
+ source: /var/lib/kolla/config_files/nova.conf
+ - dest: /etc/nova/rootwrap.conf
+ owner: nova
+ perm: '0600'
+ source: /var/lib/kolla/config_files/rootwrap.conf
docker_config:
step_1:
novacompute:
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index a40a21fd..004d624a 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -41,6 +41,14 @@ outputs:
config_settings: {get_attr: [NovaLibvirtBase, role_data, config_settings]}
step_config: {get_attr: [NovaLibvirtBase, role_data, step_config]}
puppet_tags: nova_config
+ kolla_config:
+ /var/lib/etc-data/json-config/nova-libvirt.json:
+ command: /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
+ config_files:
+ - dest: /etc/libvirt/libvirtd.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/libvirtd.conf
docker_config:
step_1:
nova_libvirt:
diff --git a/docker/services/services.yaml b/docker/services/services.yaml
index 3d51eb19..8c31107f 100644
--- a/docker/services/services.yaml
+++ b/docker/services/services.yaml
@@ -68,6 +68,8 @@ outputs:
step_config:
{get_attr: [PuppetServices, role_data, step_config]}
puppet_tags: {list_join: [",", {get_attr: [ServiceChain, role_data, puppet_tags]}]}
+ kolla_config:
+ map_merge: {get_attr: [ServiceChain, role_data, kolla_config]}
docker_config:
step_1: {map_merge: {get_attr: [ServiceChain, role_data, docker_config, step_1]}}
step_2: {map_merge: {get_attr: [ServiceChain, role_data, docker_config, step_2]}}
diff --git a/environments/auditd.yaml b/environments/auditd.yaml
new file mode 100644
index 00000000..b358c98a
--- /dev/null
+++ b/environments/auditd.yaml
@@ -0,0 +1,119 @@
+resource_registry:
+ OS::TripleO::Services::AuditD: ../puppet/services/auditd.yaml
+
+parameter_defaults:
+ AuditdRules:
+ 'Record attempts to alter time through adjtimex':
+ content: '-a always,exit -F arch=b64 -S adjtimex -k audit_time_rules'
+ order : 1
+ 'Record attempts to alter time through settimeofday':
+ content: '-a always,exit -F arch=b64 -S settimeofday -k audit_time_rules'
+ order : 2
+ 'Record Attempts to Alter Time Through stime':
+ content: '-a always,exit -F arch=b64 -S stime -k audit_time_rules'
+ order : 3
+ 'Record Attempts to Alter Time Through clock_settime':
+ content: '-a always,exit -F arch=b64 -S clock_settime -k audit_time_rules'
+ order : 4
+ 'Record Attempts to Alter the localtime File':
+ content: '-w /etc/localtime -p wa -k audit_time_rules'
+ order : 5
+ 'Record Events that Modify the Systems Discretionary Access Controls - chmod':
+ content: '-a always,exit -F arch=b64 -S chmod -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 5
+ 'Record Events that Modify the Systems Discretionary Access Controls - chown':
+ content: '-a always,exit -F arch=b64 -S chown -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 6
+ 'Record Events that Modify the Systems Discretionary Access Controls - fchmod':
+ content: '-a always,exit -F arch=b64 -S fchmod -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 7
+ 'Record Events that Modify the Systems Discretionary Access Controls - fchmodat':
+ content: '-a always,exit -F arch=b64 -S fchmodat -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 8
+ 'Record Events that Modify the Systems Discretionary Access Controls - fchown':
+ content: '-a always,exit -F arch=b64 -S fchown -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 9
+ 'Record Events that Modify the Systems Discretionary Access Controls - fchownat':
+ content: '-a always,exit -F arch=b64 -S fchownat -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 10
+ 'Record Events that Modify the Systems Discretionary Access Controls - fremovexattr':
+ content: '-a always,exit -F arch=b64 -S fremovexattr -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 11
+ 'Record Events that Modify the Systems Discretionary Access Controls - fsetxattr':
+ content: '-a always,exit -F arch=b64 -S fsetxattr -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 12
+ 'Record Events that Modify the Systems Discretionary Access Controls - lchown':
+ content: '-a always,exit -F arch=b64 -S lchown -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 13
+ 'Record Events that Modify the Systems Discretionary Access Controls - lremovexattr':
+ content: '-a always,exit -F arch=b64 -S lremovexattr -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 14
+ 'Record Events that Modify the Systems Discretionary Access Controls - lsetxattr':
+ content: '-a always,exit -F arch=b64 -S lsetxattr -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 15
+ 'Record Events that Modify the Systems Discretionary Access Controls - removexattr':
+ content: '-a always,exit -F arch=b64 -S removexattr -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 16
+ 'Record Events that Modify the Systems Discretionary Access Controls - setxattr':
+ content: '-a always,exit -F arch=b64 -S setxattr -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 17
+ 'Record Events that Modify User/Group Information - /etc/group':
+ content: '-w /etc/group -p wa -k audit_rules_usergroup_modification'
+ order : 18
+ 'Record Events that Modify User/Group Information - /etc/passwd':
+ content: '-w /etc/passwd -p wa -k audit_rules_usergroup_modification'
+ order : 19
+ 'Record Events that Modify User/Group Information - /etc/gshadow':
+ content: '-w /etc/gshadow -p wa -k audit_rules_usergroup_modification'
+ order : 20
+ 'Record Events that Modify User/Group Information - /etc/shadow':
+ content: '-w /etc/shadow -p wa -k audit_rules_usergroup_modification'
+ order : 21
+ 'Record Events that Modify User/Group Information - /etc/opasswd':
+ content: '-w /etc/opasswd -p wa -k audit_rules_usergroup_modification'
+ order : 22
+ 'Record Events that Modify the Systems Network Environment - sethostname / setdomainname':
+ content: '-a always,exit -F arch=b64 -S sethostname -S setdomainname -k audit_rules_networkconfig_modification'
+ order : 23
+ 'Record Events that Modify the Systems Network Environment - /etc/issue':
+ content: '-w /etc/issue -p wa -k audit_rules_networkconfig_modification'
+ order : 24
+ 'Record Events that Modify the Systems Network Environment - /etc/issue.net':
+ content: '-w /etc/issue.net -p wa -k audit_rules_networkconfig_modification'
+ order : 25
+ 'Record Events that Modify the Systems Network Environment - /etc/hosts':
+ content: '-w /etc/hosts -p wa -k audit_rules_networkconfig_modification'
+ order : 26
+ 'Record Events that Modify the Systems Network Environment - /etc/sysconfig/network':
+ content: '-w /etc/sysconfig/network -p wa -k audit_rules_networkconfig_modification'
+ order : 27
+ 'Record Events that Modify the Systems Mandatory Access Controls':
+ content: '-w /etc/selinux/ -p wa -k MAC-policy'
+ order : 28
+ 'Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful / EACCES)':
+ content: '-a always,exit -F arch=b64 -S creat -S open -S openat -S open_by_handle_at -S truncate -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access'
+ order : 29
+ 'Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful / EPERM)':
+ content: '-a always,exit -F arch=b64 -S creat -S open -S openat -S open_by_handle_at -S truncate -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -k access'
+ order : 30
+ 'Ensure auditd Collects Information on the Use of Privileged Commands':
+ content: '-a always,exit -F path=SETUID_PROG_PATH -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged'
+ order : 31
+ 'Ensure auditd Collects Information on Exporting to Media (successful)':
+ content: '-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=4294967295 -k export'
+ order : 32
+ 'Ensure auditd Collects File Deletion Events by User':
+ content: '-a always,exit -F arch=b64 -S rmdir -S unlink -S unlinkat -S rename -S renameat -F auid>=1000 -F auid!=4294967295 -k delete'
+ order : 33
+ 'Ensure auditd Collects System Administrator Actions':
+ content: '-w /etc/sudoers -p wa -k actions'
+ order : 34
+ 'Ensure auditd Collects Information on Kernel Module Loading and Unloading (insmod)':
+ content: '-w /usr/sbin/insmod -p x -k modules'
+ order : 35
+ 'Ensure auditd Collects Information on Kernel Module Loading and Unloading (rmmod)':
+ content: '-w /usr/sbin/rmmod -p x -k modules'
+ order : 36
+ 'Ensure auditd Collects Information on Kernel Module Loading and Unloading (modprobe)':
+ content: '-w /usr/sbin/modprobe -p x -k modules'
+ order : 37
diff --git a/environments/cinder-dellps-config.yaml b/environments/cinder-dellps-config.yaml
new file mode 100644
index 00000000..eefd0fd6
--- /dev/null
+++ b/environments/cinder-dellps-config.yaml
@@ -0,0 +1,31 @@
+# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# A Heat environment file which can be used to enable a
+# a Cinder Dell EMC PS Series backend, configured via puppet
+resource_registry:
+ OS::TripleO::Services::CinderBackendDellPs: ../puppet/services/cinder-backend-dellps.yaml
+
+parameter_defaults:
+ CinderEnableDellPsBackend: true
+ CinderDellPsBackendName: 'tripleo_dellps'
+ CinderDellPsSanIp: ''
+ CinderDellPsSanLogin: ''
+ CinderDellPsSanPassword: ''
+ CinderDellPsSanThinProvision: true
+ CinderDellPsGroupname: 'group-0'
+ CinderDellPsPool: 'default'
+ CinderDellPsChapLogin: ''
+ CinderDellPsChapPassword: ''
+ CinderDellPsUseChap: false
diff --git a/environments/cinder-dellsc-config.yaml b/environments/cinder-dellsc-config.yaml
index 92e257d4..617d640c 100644
--- a/environments/cinder-dellsc-config.yaml
+++ b/environments/cinder-dellsc-config.yaml
@@ -1,7 +1,7 @@
# A Heat environment file which can be used to enable a
-# a Cinder Dell Storage Center ISCSI backend, configured via puppet
+# Cinder Dell EMC Storage Center ISCSI backend, configured via puppet
resource_registry:
- OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml
+ OS::TripleO::Services::CinderBackendDellSc: ../puppet/services/cinder-backend-dellsc.yaml
parameter_defaults:
CinderEnableDellScBackend: true
diff --git a/environments/cinder-eqlx-config.yaml b/environments/cinder-eqlx-config.yaml
deleted file mode 100644
index ca2c5e5a..00000000
--- a/environments/cinder-eqlx-config.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# A Heat environment file which can be used to enable a
-# a Cinder eqlx backen, configured via puppet
-resource_registry:
- OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml
-
-parameter_defaults:
- CinderEnableEqlxBackend: true
- CinderEqlxBackendName: 'tripleo_eqlx'
- CinderEqlxSanIp: ''
- CinderEqlxSanLogin: ''
- CinderEqlxSanPassword: ''
- CinderEqlxSanThinProvision: true
- CinderEqlxGroupname: 'group-0'
- CinderEqlxPool: 'default'
- CinderEqlxChapLogin: ''
- CinderEqlxChapPassword: ''
- CinderEqlxUseChap: false
diff --git a/environments/cinder-scaleio-config.yaml b/environments/cinder-scaleio-config.yaml
new file mode 100644
index 00000000..cebd619c
--- /dev/null
+++ b/environments/cinder-scaleio-config.yaml
@@ -0,0 +1,35 @@
+# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# A Heat environment file which can be used to enable a
+# a Cinder Dell EMC SacleIO backend, configured via puppet
+resource_registry:
+ OS::TripleO::Services::CinderBackendScaleIO: ../puppet/services/cinder-backend-scaleio.yaml
+
+parameter_defaults:
+ CinderEnableScaleIOBackend: true
+ CinderScaleIOBackendName: 'tripleo_scaleio'
+ CinderScaleIOSanIp: ''
+ CinderScaleIOSanLogin: ''
+ CinderScaleIOSanPassword: ''
+ CinderScaleIORestServerPort: '443'
+ CinderScaleIOVerifyServerCertificate: false
+ CinderScaleIOServerCertificatePath: ''
+ CinderScaleIOProtectionDomainName: 'domain1'
+ CinderScaleIOStoragePoolName: 'pool1'
+ CinderScaleIOStoragePools: 'domain1:pool1'
+ CinderScaleIORoundVolumeCapacity: true
+ CinderScaleIOUnmapVolumeBeforeDeletion: false
+ CinderScaleIOMaxOverSubscriptionRatio: ''
+ CinderScaleIOSanThinProvision: true
diff --git a/environments/collectd-environment.yaml b/environments/collectd-environment.yaml
new file mode 100644
index 00000000..7780530c
--- /dev/null
+++ b/environments/collectd-environment.yaml
@@ -0,0 +1,23 @@
+resource_registry:
+ OS::TripleO::Services::Collectd: ../puppet/services/metrics/collectd.yaml
+
+# parameter_defaults:
+#
+## You can specify additional plugins to load using the
+## CollectdExtraPlugins key:
+#
+# CollectdExtraPlugins:
+# - disk
+# - df
+#
+## You can use ExtraConfig (or one of the related *ExtraConfig keys)
+## to configure collectd. See the documentation for puppet-collectd at
+## https://github.com/voxpupuli/puppet-collectd for details.
+#
+# ExtraConfig:
+# collectd::plugin::disk::disks:
+# - "/^[vhs]d[a-f][0-9]?$/"
+# collectd::plugin::df::mountpoints:
+# - "/"
+# collectd::plugin::df::ignoreselected: false
+# collectd::plugin::cpu::valuespercentage: true
diff --git a/environments/contrail/contrail-net.yaml b/environments/contrail/contrail-net.yaml
new file mode 100644
index 00000000..1e64f91d
--- /dev/null
+++ b/environments/contrail/contrail-net.yaml
@@ -0,0 +1,26 @@
+resource_registry:
+ OS::TripleO::Compute::Net::SoftwareConfig: contrail-nic-config-compute.yaml
+ OS::TripleO::Controller::Net::SoftwareConfig: contrail-nic-config.yaml
+ OS::TripleO::ContrailController::Net::SoftwareConfig: contrail-nic-config.yaml
+ OS::TripleO::ContrailAnalytics::Net::SoftwareConfig: contrail-nic-config.yaml
+ OS::TripleO::ContrailAnalyticsDatabase::Net::SoftwareConfig: contrail-nic-config.yaml
+ OS::TripleO::ContrailTsn::Net::SoftwareConfig: contrail-nic-config-compute.yaml
+
+parameter_defaults:
+ ControlPlaneSubnetCidr: '24'
+ ControlPlaneDefaultRoute: 192.0.2.254
+ InternalApiNetCidr: 10.0.0.0/24
+ InternalApiAllocationPools: [{'start': '10.0.0.10', 'end': '10.0.0.200'}]
+ InternalApiDefaultRoute: 10.0.0.1
+ ManagementNetCidr: 10.1.0.0/24
+ ManagementAllocationPools: [{'start': '10.1.0.10', 'end': '10.1.0.200'}]
+ ManagementInterfaceDefaultRoute: 10.1.0.1
+ ExternalNetCidr: 10.2.0.0/24
+ ExternalAllocationPools: [{'start': '10.2.0.10', 'end': '10.2.0.200'}]
+ EC2MetadataIp: 192.0.2.1 # Generally the IP of the Undercloud
+ DnsServers: ["8.8.8.8","8.8.4.4"]
+ VrouterPhysicalInterface: eth1
+ VrouterGateway: 10.0.0.1
+ VrouterNetmask: 255.255.255.0
+ ControlVirtualInterface: eth0
+ PublicVirtualInterface: vlan10
diff --git a/environments/contrail/contrail-nic-config-compute.yaml b/environments/contrail/contrail-nic-config-compute.yaml
new file mode 100644
index 00000000..3007638a
--- /dev/null
+++ b/environments/contrail/contrail-nic-config-compute.yaml
@@ -0,0 +1,167 @@
+heat_template_version: ocata
+
+description: >
+ Software Config to drive os-net-config to configure multiple interfaces
+ for the compute role. This is an example for a Nova compute node using
+ Contrail vrouter and the vhost0 interface.
+
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ InternalApiDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the internal api network.
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
+ StorageNetworkVlanID:
+ default: 30
+ description: Vlan ID for the storage network traffic.
+ type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: comma_delimited_list
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
+
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
+ list_join:
+ - '/'
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - type: interface
+ name: nic2
+ use_dhcp: false
+ - type: interface
+ name: vhost0
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ routes:
+ - default: true
+ next_hop:
+ get_param: InternalApiDefaultRoute
+ - type: linux_bridge
+ name: br0
+ use_dhcp: false
+ members:
+ - type: interface
+ name: nic3
+ - type: vlan
+ vlan_id:
+ get_param: ManagementNetworkVlanID
+ device: br0
+ addresses:
+ - ip_netmask:
+ get_param: ManagementIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: ExternalNetworkVlanID
+ device: br0
+ addresses:
+ - ip_netmask:
+ get_param: ExternalIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageNetworkVlanID
+ device: br0
+ addresses:
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageMgmtNetworkVlanID
+ device: br0
+ addresses:
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
+
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value:
+ get_resource: OsNetConfigImpl
diff --git a/environments/contrail/contrail-services.yaml b/environments/contrail/contrail-services.yaml
new file mode 100644
index 00000000..80ef9d3a
--- /dev/null
+++ b/environments/contrail/contrail-services.yaml
@@ -0,0 +1,45 @@
+# A Heat environment file which can be used to enable OpenContrail
+# # extensions, configured via puppet
+resource_registry:
+ OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+ OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginContrail
+ OS::TripleO::Services::ComputeNeutronCorePlugin: OS::TripleO::Services::ComputeNeutronCorePluginContrail
+ OS::TripleO::NodeUserData: ../../firstboot/install_vrouter_kmod.yaml
+ OS::TripleO::Services::ContrailHeat: ../../puppet/services/network/contrail-heat.yaml
+ OS::TripleO::Services::ContrailAnalytics: ../../puppet/services/network/contrail-analytics.yaml
+ OS::TripleO::Services::ContrailAnalyticsDatabase: ../../puppet/services/network/contrail-analytics-database.yaml
+ OS::TripleO::Services::ContrailConfig: ../../puppet/services/network/contrail-config.yaml
+ OS::TripleO::Services::ContrailControl: ../../puppet/services/network/contrail-control.yaml
+ OS::TripleO::Services::ContrailDatabase: ../../puppet/services/network/contrail-database.yaml
+ OS::TripleO::Services::ContrailWebUI: ../../puppet/services/network/contrail-webui.yaml
+ OS::TripleO::Services::ContrailTsn: ../../puppet/services/network/contrail-tsn.yaml
+ OS::TripleO::Services::ComputeNeutronCorePluginContrail: ../../puppet/services/network/contrail-vrouter.yaml
+ OS::TripleO::Services::NeutronCorePluginContrail: ../../puppet/services/network/contrail-neutron-plugin.yaml
+parameter_defaults:
+ ContrailRepo: http://192.168.24.1/contrail-3.2.0.0-19
+ EnablePackageInstall: true
+# ContrailConfigIfmapUserName: api-server
+# ContrailConfigIfmapUserPassword: api-server
+ OvercloudControlFlavor: control
+ OvercloudContrailControllerFlavor: contrail-controller
+ OvercloudContrailAnalyticsFlavor: contrail-analytics
+ OvercloudContrailAnalyticsDatabaseFlavor: contrail-analytics-database
+ OvercloudContrailTsnFlavor: contrail-tsn
+ OvercloudComputeFlavor: compute
+ ControllerCount: 3
+ ContrailControllerCount: 3
+ ContrailAnalyticsCount: 3
+ ContrailAnalyticsDatabaseCount: 3
+ ContrailTsnCount: 1
+ ComputeCount: 3
+ DnsServers: ["8.8.8.8","8.8.4.4"]
+ NtpServer: 10.0.0.1
+ NeutronCorePlugin: neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2
+ NeutronServicePlugins: ''
+ NeutronTunnelTypes: ''
+# NeutronMetadataProxySharedSecret:
+# ContrailControlRNDCSecret: # sda1/256 hmac key, e.g. echo -n "values" | openssl dgst -sha256 -hmac key -binary | base64
diff --git a/environments/contrail/roles_data_contrail.yaml b/environments/contrail/roles_data_contrail.yaml
new file mode 100644
index 00000000..5f6c4691
--- /dev/null
+++ b/environments/contrail/roles_data_contrail.yaml
@@ -0,0 +1,237 @@
+# Specifies which roles (groups of nodes) will be deployed
+# Note this is used as an input to the various *.j2.yaml
+# jinja2 templates, so that they are converted into *.yaml
+# during the plan creation (via a mistral action/workflow).
+#
+# The format is a list, with the following format:
+#
+# * name: (string) mandatory, name of the role, must be unique
+#
+# CountDefault: (number) optional, default number of nodes, defaults to 0
+# sets the default for the {{role.name}}Count parameter in overcloud.yaml
+#
+# HostnameFormatDefault: (string) optional default format string for hostname
+# defaults to '%stackname%-{{role.name.lower()}}-%index%'
+# sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml
+#
+# disable_constraints: (boolean) optional, whether to disable Nova and Glance
+# constraints for each role specified in the templates.
+#
+# upgrade_batch_size: (number): batch size for upgrades where tasks are
+# specified by services to run in batches vs all nodes at once.
+# This defaults to 1, but larger batches may be specified here.
+#
+# ServicesDefault: (list) optional default list of services to be deployed
+# on the role, defaults to an empty list. Sets the default for the
+# {{role.name}}Services parameter in overcloud.yaml
+
+- name: Controller # the 'primary' role goes first
+ CountDefault: 1
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CephMds
+ - OS::TripleO::Services::CephMon
+ - OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::CephRbdMirror
+ - OS::TripleO::Services::CephRgw
+ - OS::TripleO::Services::CinderApi
+ - OS::TripleO::Services::CinderBackup
+ - OS::TripleO::Services::CinderScheduler
+ - OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::ContrailHeat
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::NeutronApi
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::Redis
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::NovaConsoleauth
+ - OS::TripleO::Services::NovaVncProxy
+ - OS::TripleO::Services::Ec2Api
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::CeilometerApi
+ - OS::TripleO::Services::CeilometerCollector
+ - OS::TripleO::Services::CeilometerExpirer
+ - OS::TripleO::Services::CeilometerAgentCentral
+ - OS::TripleO::Services::CeilometerAgentNotification
+ - OS::TripleO::Services::Horizon
+ - OS::TripleO::Services::GnocchiApi
+ - OS::TripleO::Services::GnocchiMetricd
+ - OS::TripleO::Services::GnocchiStatsd
+ - OS::TripleO::Services::ManilaApi
+ - OS::TripleO::Services::ManilaScheduler
+ - OS::TripleO::Services::ManilaBackendGeneric
+ - OS::TripleO::Services::ManilaBackendNetapp
+ - OS::TripleO::Services::ManilaBackendCephFs
+ - OS::TripleO::Services::ManilaShare
+ - OS::TripleO::Services::AodhApi
+ - OS::TripleO::Services::AodhEvaluator
+ - OS::TripleO::Services::AodhNotifier
+ - OS::TripleO::Services::AodhListener
+ - OS::TripleO::Services::SaharaApi
+ - OS::TripleO::Services::SaharaEngine
+ - OS::TripleO::Services::IronicApi
+ - OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::NovaIronic
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::OpenDaylightApi
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::BarbicanApi
+ - OS::TripleO::Services::PankoApi
+ - OS::TripleO::Services::Zaqar
+ - OS::TripleO::Services::OVNDBs
+ - OS::TripleO::Services::CinderHPELeftHandISCSI
+ - OS::TripleO::Services::Etcd
+ - OS::TripleO::Services::AuditD
+
+- name: Compute
+ CountDefault: 1
+ HostnameFormatDefault: '%stackname%-novacompute-%index%'
+ disable_upgrade_deployment: True
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CephClient
+ - OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::ComputeNeutronCorePlugin
+ - OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::ComputeCeilometerAgent
+ - OS::TripleO::Services::ComputeNeutronL3Agent
+ - OS::TripleO::Services::ComputeNeutronMetadataAgent
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::NeutronSriovAgent
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::AuditD
+
+- name: BlockStorage
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::BlockStorageCinderVolume
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::AuditD
+
+- name: ObjectStorage
+ disable_upgrade_deployment: True
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::AuditD
+
+- name: CephStorage
+ disable_upgrade_deployment: True
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CephOSD
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::AuditD
+
+- name: ContrailController
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::ContrailConfig
+ - OS::TripleO::Services::ContrailControl
+ - OS::TripleO::Services::ContrailDatabase
+ - OS::TripleO::Services::ContrailWebUI
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+
+- name: ContrailAnalytics
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::ContrailAnalytics
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+
+- name: ContrailAnalyticsDatabase
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::ContrailAnalyticsDatabase
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+
+- name: ContrailTsn
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::ContrailTsn
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
diff --git a/environments/deployed-server-bootstrap-environment-rhel.yaml b/environments/deployed-server-bootstrap-environment-rhel.yaml
new file mode 100644
index 00000000..f614a91a
--- /dev/null
+++ b/environments/deployed-server-bootstrap-environment-rhel.yaml
@@ -0,0 +1,7 @@
+# An environment that can be used with the deployed-server.yaml template to do
+# initial bootstrapping of the deployed servers.
+resource_registry:
+ OS::TripleO::DeployedServer::Bootstrap: ../deployed-server/deployed-server-bootstrap-rhel.yaml
+
+parameter_defaults:
+ EnablePackageInstall: True
diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml
index 6e912faa..ff4ecfbe 100644
--- a/environments/enable-internal-tls.yaml
+++ b/environments/enable-internal-tls.yaml
@@ -2,7 +2,18 @@
# a TLS for in the internal network via certmonger
parameter_defaults:
EnableInternalTLS: true
+
+ # Required for novajoin to enroll the overcloud nodes
+ ServerMetadata:
+ ipa_enroll: True
+
resource_registry:
OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
OS::TripleO::Services::ApacheTLS: ../puppet/services/apache-internal-tls-certmonger.yaml
OS::TripleO::Services::MySQLTLS: ../puppet/services/database/mysql-internal-tls-certmonger.yaml
+ # We use apache as a TLS proxy
+ OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
+
+ # Creates nova metadata that will create the extra service principals per
+ # node.
+ OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml
diff --git a/environments/enable_congress.yaml b/environments/enable_congress.yaml
new file mode 100644
index 00000000..1eea7f5e
--- /dev/null
+++ b/environments/enable_congress.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::Congress: ../puppet/services/congress.yaml
diff --git a/environments/enable_tacker.yaml b/environments/enable_tacker.yaml
new file mode 100644
index 00000000..1f9eca01
--- /dev/null
+++ b/environments/enable_tacker.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::Tacker: ../puppet/services/tacker.yaml
diff --git a/environments/horizon_password_validation.yaml b/environments/horizon_password_validation.yaml
new file mode 100644
index 00000000..1a0f92cc
--- /dev/null
+++ b/environments/horizon_password_validation.yaml
@@ -0,0 +1,5 @@
+# Use this enviroment to pass in validation regex for horizons password
+# validation checks
+parameter_defaults:
+ HorizonPasswordValidator: '.*'
+ HorizonPasswordValidatorHelp: 'Your password does not meet the requirements.'
diff --git a/environments/host-config-pre-network.j2.yaml b/environments/host-config-pre-network.j2.yaml
index fe1302b5..c79e28b4 100644
--- a/environments/host-config-pre-network.j2.yaml
+++ b/environments/host-config-pre-network.j2.yaml
@@ -1,12 +1,12 @@
resource_registry:
# Create the registry only for roles with the word "Compute" in it. Like ComputeOvsDpdk, ComputeSriov, etc.,
-{% for role in roles %}
+{%- for role in roles -%}
{% if "Compute" in role.name %}
OS::TripleO::{{role.name}}::PreNetworkConfig: ../extraconfig/pre_network/{{role.name.lower()}}-host_config_and_reboot.yaml
-{% endif %}
+{%- endif -%}
{% endfor %}
-parameter_defaults:
+#parameter_defaults:
# Sample parameters for Compute and ComputeOvsDpdk roles
#ComputeKernelArgs: ""
#ComputeTunedProfileName: ""
diff --git a/environments/major-upgrade-all-in-one.yaml b/environments/major-upgrade-all-in-one.yaml
index 69d72edd..4283b212 100644
--- a/environments/major-upgrade-all-in-one.yaml
+++ b/environments/major-upgrade-all-in-one.yaml
@@ -1,8 +1,2 @@
-# We run the upgrade steps without disabling the OS::TripleO::PostDeploySteps
-# this means you can do a major upgrade in one pass, which may be useful
-# e.g for all-in-one deployments where we can upgrade the compute services
-# at the same time as the controlplane
-# Note that it will be necessary to pass a mapping of OS::Heat::None again for
-# any subsequent updates, or the upgrade steps will run again.
resource_registry:
- OS::TripleO::UpgradeSteps: ../puppet/major_upgrade_steps.yaml
+ OS::TripleO::PostDeploySteps: ../puppet/major_upgrade_steps.yaml
diff --git a/environments/major-upgrade-composable-steps.yaml b/environments/major-upgrade-composable-steps.yaml
index 7e10014b..44580b43 100644
--- a/environments/major-upgrade-composable-steps.yaml
+++ b/environments/major-upgrade-composable-steps.yaml
@@ -1,3 +1,4 @@
resource_registry:
- OS::TripleO::UpgradeSteps: ../puppet/major_upgrade_steps.yaml
- OS::TripleO::PostDeploySteps: OS::Heat::None
+ OS::TripleO::PostDeploySteps: ../puppet/major_upgrade_steps.yaml
+parameter_defaults:
+ UpgradeLevelNovaCompute: auto
diff --git a/environments/major-upgrade-converge.yaml b/environments/major-upgrade-converge.yaml
new file mode 100644
index 00000000..e3c0e531
--- /dev/null
+++ b/environments/major-upgrade-converge.yaml
@@ -0,0 +1,6 @@
+# Use this to reset any mappings only used for upgrades after the
+# update of all nodes is completed
+resource_registry:
+ OS::TripleO::PostDeploySteps: ../puppet/post.yaml
+parameter_defaults:
+ UpgradeLevelNovaCompute: ''
diff --git a/environments/neutron-ml2-fujitsu-fossw.yaml b/environments/neutron-ml2-fujitsu-fossw.yaml
new file mode 100644
index 00000000..8db8da75
--- /dev/null
+++ b/environments/neutron-ml2-fujitsu-fossw.yaml
@@ -0,0 +1,22 @@
+# A Heat environment file which can be used to enable Fujitsu fossw
+# plugin, configured via puppet
+resource_registry:
+ OS::TripleO::Services::NeutronML2FujitsuFossw: ../puppet/services/neutron-plugin-ml2-fujitsu-fossw.yaml
+
+parameter_defaults:
+ # Fixed
+ NeutronMechanismDrivers: ['openvswitch','fujitsu_fossw']
+ NeutronTypeDrivers: ['vlan','vxlan']
+ NeutronNetworkType: ['vlan','vxlan']
+
+ # Required
+ NeutronFujitsuFosswIps: '192.168.0.1,192.168.0.2'
+ NeutronFujitsuFosswUserName:
+ NeutronFujitsuFosswPassword:
+
+ # Optional
+ #NeutronFujitsuFosswPort:
+ #NeutronFujitsuFosswTimeout:
+ #NeutronFujitsuFosswUdpDestPort:
+ #NeutronFujitsuFosswOvsdbVlanidRangeMin:
+ #NeutronFujitsuFosswOvsdbPort:
diff --git a/environments/neutron-ml2-ovn.yaml b/environments/neutron-ml2-ovn.yaml
index 3da560c8..7483bdbb 100644
--- a/environments/neutron-ml2-ovn.yaml
+++ b/environments/neutron-ml2-ovn.yaml
@@ -3,6 +3,7 @@
resource_registry:
OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN
OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml
# Disabling Neutron services that overlap with OVN
@@ -12,11 +13,12 @@ resource_registry:
parameter_defaults:
NeutronMechanismDrivers: ovn
- OVNSouthboundServerPort: 6642
- OVNNorthboundServerPort: 6641
- OVNDbConnectionTimeout: 60
OVNVifType: ovs
OVNNeutronSyncMode: log
OVNQosDriver: ovn-qos
OVNTunnelEncapType: geneve
NeutronEnableDHCPAgent: false
+ NeutronTypeDrivers: 'geneve,vxlan,vlan,flat'
+ NeutronNetworkType: 'geneve'
+ NeutronServicePlugins: 'qos,ovn-router'
+ NeutronVniRanges: ['1:65536', ]
diff --git a/environments/neutron-opencontrail.yaml b/environments/neutron-opencontrail.yaml
deleted file mode 100644
index 51575b86..00000000
--- a/environments/neutron-opencontrail.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# A Heat environment file which can be used to enable OpenContrail
-# extensions, configured via puppet
-resource_registry:
- OS::TripleO::ComputeExtraConfigPre: ../puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml
- OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
- OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
- OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
- OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
- OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
- # Override the NeutronCorePlugin to use Nuage
- OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginOpencontrail
- OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-opencontrail.yaml
-
-parameter_defaults:
- NeutronCorePlugin: neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2
- NeutronServicePlugins: neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2
- NeutronTunnelTypes: ''
-
- # required params:
- #ContrailApiServerIp:
- #ContrailExtensions: ''
-
- # optional params
- # ContrailApiServerPort: 8082
- # ContrailMultiTenancy: false
diff --git a/environments/neutron-opendaylight-l3.yaml b/environments/neutron-opendaylight-l3.yaml
deleted file mode 100644
index 6d5c7404..00000000
--- a/environments/neutron-opendaylight-l3.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-# A Heat environment that can be used to deploy OpenDaylight with L3 DVR
-resource_registry:
- OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
- OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
- OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
- OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml
- OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml
- OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
-
-parameter_defaults:
- NeutronEnableForceMetadata: true
- NeutronMechanismDrivers: 'opendaylight_v2'
- NeutronServicePlugins: 'odl-router_v2'
- OpenDaylightEnableL3: "'yes'"
diff --git a/environments/neutron-sriov.yaml b/environments/neutron-sriov.yaml
index 9b7e51f9..5e9e15e3 100755
--- a/environments/neutron-sriov.yaml
+++ b/environments/neutron-sriov.yaml
@@ -9,9 +9,6 @@ parameter_defaults:
#NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter']
#NovaSchedulerAvailableFilters: ["nova.scheduler.filters.all_filters","nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter"]
- # Provide the vendorid:productid of the VFs
- #NeutronSupportedPCIVendorDevs: ['8086:154c','8086:10ca','8086:1520']
-
#NeutronPhysicalDevMappings: "datacentre:ens20f2"
# Number of VFs that needs to be configured for a physical interface
diff --git a/environments/puppet-ceph.yaml b/environments/puppet-ceph.yaml
new file mode 100644
index 00000000..57af540a
--- /dev/null
+++ b/environments/puppet-ceph.yaml
@@ -0,0 +1,12 @@
+resource_registry:
+ OS::TripleO::Services::CephMon: ../puppet/services/ceph-mon.yaml
+ OS::TripleO::Services::CephOSD: ../puppet/services/ceph-osd.yaml
+ OS::TripleO::Services::CephClient: ../puppet/services/ceph-client.yaml
+
+parameter_defaults:
+ CinderEnableIscsiBackend: false
+ CinderEnableRbdBackend: true
+ CinderBackupBackend: ceph
+ NovaEnableRbdBackend: true
+ GlanceBackend: rbd
+ GnocchiBackend: rbd
diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml
index 0b71dbd9..da607a72 100644
--- a/environments/puppet-pacemaker.yaml
+++ b/environments/puppet-pacemaker.yaml
@@ -12,6 +12,7 @@ resource_registry:
OS::TripleO::Services::RabbitMQ: ../puppet/services/pacemaker/rabbitmq.yaml
OS::TripleO::Services::HAproxy: ../puppet/services/pacemaker/haproxy.yaml
OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml
+ OS::TripleO::Services::PacemakerRemote: ../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Redis: ../puppet/services/pacemaker/database/redis.yaml
OS::TripleO::Services::MySQL: ../puppet/services/pacemaker/database/mysql.yaml
# Services that are disabled by default (use relevant environment files):
diff --git a/environments/services/ceph-rbdmirror.yaml b/environments/services/ceph-rbdmirror.yaml
new file mode 100644
index 00000000..b350e4c5
--- /dev/null
+++ b/environments/services/ceph-rbdmirror.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::CephRbdMirror: ../../puppet/services/pacemaker/ceph-rbdmirror.yaml
diff --git a/environments/services/ec2-api.yaml b/environments/services/ec2-api.yaml
new file mode 100644
index 00000000..d751ba23
--- /dev/null
+++ b/environments/services/ec2-api.yaml
@@ -0,0 +1,3 @@
+# A Heat environment file which can be used to enable EC2-API service.
+resource_registry:
+ OS::TripleO::Services::Ec2Api: ../../puppet/services/ec2-api.yaml
diff --git a/environments/services/octavia.yaml b/environments/services/octavia.yaml
new file mode 100644
index 00000000..24c57b8c
--- /dev/null
+++ b/environments/services/octavia.yaml
@@ -0,0 +1,9 @@
+resource_registry:
+ OS::TripleO::Services::OctaviaApi: ../../puppet/services/octavia-api.yaml
+ OS::TripleO::Services::OctaviaHealthManager: ../../puppet/services/octavia-health-manager.yaml
+ OS::TripleO::Services::OctaviaHousekeeping: ../../puppet/services/octavia-housekeeping.yaml
+ OS::TripleO::Services::OctaviaWorker: ../../puppet/services/octavia-worker.yaml
+
+parameter_defaults:
+ NeutronServicePlugins: "qos,router,trunk,lbaasv2"
+ NeutronEnableForceMetadata: true
diff --git a/environments/sshd-banner.yaml b/environments/sshd-banner.yaml
new file mode 100644
index 00000000..041c0990
--- /dev/null
+++ b/environments/sshd-banner.yaml
@@ -0,0 +1,13 @@
+resource_registry:
+ OS::TripleO::Services::Sshd: ../puppet/services/sshd.yaml
+
+parameter_defaults:
+ BannerText: |
+ ******************************************************************
+ * This system is for the use of authorized users only. Usage of *
+ * this system may be monitored and recorded by system personnel. *
+ * Anyone using this system expressly consents to such monitoring *
+ * and is advised that if such monitoring reveals possible *
+ * evidence of criminal activity, system personnel may provide *
+ * the evidence from such monitoring to law enforcement officials.*
+ ******************************************************************
diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml
index 74c9f61d..1b666c5b 100644
--- a/environments/tls-endpoints-public-dns.yaml
+++ b/environments/tls-endpoints-public-dns.yaml
@@ -17,6 +17,45 @@ parameter_defaults:
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
+ CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+ CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+ CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+ ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
+ Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
+ Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
@@ -55,6 +94,9 @@ parameter_defaults:
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
+ OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
@@ -64,6 +106,9 @@ parameter_defaults:
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
+ TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
+ TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
+ TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml
index 17ff2feb..7311a1f9 100644
--- a/environments/tls-endpoints-public-ip.yaml
+++ b/environments/tls-endpoints-public-ip.yaml
@@ -17,6 +17,45 @@ parameter_defaults:
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
+ CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+ CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+ CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
+ Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
+ Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
@@ -55,6 +94,9 @@ parameter_defaults:
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
+ OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'}
@@ -64,6 +106,9 @@ parameter_defaults:
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
+ TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
+ TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
+ TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml
index 0aa2be08..e6608b57 100644
--- a/environments/tls-everywhere-endpoints-dns.yaml
+++ b/environments/tls-everywhere-endpoints-dns.yaml
@@ -17,6 +17,45 @@ parameter_defaults:
CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
+ CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
+ CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
+ CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+ ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
+ Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
+ Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
@@ -55,6 +94,9 @@ parameter_defaults:
NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
+ OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
@@ -64,6 +106,9 @@ parameter_defaults:
SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
+ TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
+ TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
+ TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
diff --git a/extraconfig/nova_metadata/krb-service-principals.yaml b/extraconfig/nova_metadata/krb-service-principals.yaml
new file mode 100644
index 00000000..c66e6460
--- /dev/null
+++ b/extraconfig/nova_metadata/krb-service-principals.yaml
@@ -0,0 +1,84 @@
+heat_template_version: ocata
+description: 'Generates the relevant service principals for a server'
+
+parameters:
+ RoleData:
+ type: json
+ description: the list containing the 'role_data' output for the ServiceChain
+
+ # Coming from parameter_defaults
+ CloudName:
+ default: overcloud.localdomain
+ description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
+ type: string
+ CloudNameInternal:
+ default: overcloud.internalapi.localdomain
+ description: >
+ The DNS name of this cloud's internal API endpoint. E.g.
+ 'ci-overcloud.internalapi.tripleo.org'.
+ type: string
+ CloudNameStorage:
+ default: overcloud.storage.localdomain
+ description: >
+ The DNS name of this cloud's storage endpoint. E.g.
+ 'ci-overcloud.storage.tripleo.org'.
+ type: string
+ CloudNameStorageManagement:
+ default: overcloud.storagemgmt.localdomain
+ description: >
+ The DNS name of this cloud's storage management endpoint. E.g.
+ 'ci-overcloud.storagemgmt.tripleo.org'.
+ type: string
+ CloudNameCtlplane:
+ default: overcloud.ctlplane.localdomain
+ description: >
+ The DNS name of this cloud's storage management endpoint. E.g.
+ 'ci-overcloud.management.tripleo.org'.
+ type: string
+
+resources:
+
+ IncomingMetadataSettings:
+ type: OS::Heat::Value
+ properties:
+ value:
+ yaql:
+ # Filter null values and values that contain don't contain
+ # 'metadata_settings', get the values from that key and get the
+ # unique ones.
+ expression: list($.data.where($ != null).where($.containsKey('metadata_settings')).metadata_settings.flatten().distinct())
+ data: {get_param: RoleData}
+
+ # Generates entries for nova metadata with the following format:
+ # 'managed_service_<id>' : <service>/<fqdn>
+ # Depending on the requested network
+ IndividualServices:
+ type: OS::Heat::Value
+ properties:
+ value:
+ yaql:
+ expression: let(fqdns => $.data.fqdns) -> dict($.data.metadata.where($ != null and $.type = 'vip').select([concat('managed_service_', $.service, $.network), concat($.service, '/', $fqdns.get($.network))]))
+ data:
+ metadata: {get_attr: [IncomingMetadataSettings, value]}
+ fqdns:
+ external: {get_param: CloudName}
+ internal_api: {get_param: CloudNameInternal}
+ storage: {get_param: CloudNameStorage}
+ storage_mgmt: {get_param: CloudNameStorageManagement}
+ ctlplane: {get_param: CloudNameCtlplane}
+
+ CompactServices:
+ type: OS::Heat::Value
+ properties:
+ value:
+ yaql:
+ expression: dict($.data.where($ != null and $.type = 'node').select([$.service, $.network.replace('_', '')]).groupBy($[0], $[1]))
+ data: {get_attr: [IncomingMetadataSettings, value]}
+
+outputs:
+ metadata:
+ description: actual metadata entries that will be passed to the server.
+ value:
+ map_merge:
+ - {get_attr: [IndividualServices, value]}
+ - compact_services: {get_attr: [CompactServices, value]}
diff --git a/extraconfig/tasks/major_upgrade_block_storage.sh b/extraconfig/tasks/major_upgrade_block_storage.sh
deleted file mode 100644
index 64c4457e..00000000
--- a/extraconfig/tasks/major_upgrade_block_storage.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-#
-# This runs an upgrade of Cinder Block Storage nodes.
-#
-set -eu
-
-# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205
-special_case_ovs_upgrade_if_needed
-
-yum -y install python-zaqarclient # needed for os-collect-config
-yum -y -q update
diff --git a/extraconfig/tasks/major_upgrade_ceph_mon.sh b/extraconfig/tasks/major_upgrade_ceph_mon.sh
deleted file mode 100755
index e0d160f1..00000000
--- a/extraconfig/tasks/major_upgrade_ceph_mon.sh
+++ /dev/null
@@ -1,82 +0,0 @@
-#!/bin/bash
-set -eu
-set -o pipefail
-
-echo INFO: starting $(basename "$0")
-
-# Exit if not running
-if ! pidof ceph-mon &> /dev/null; then
- echo INFO: ceph-mon is not running, skipping
- exit 0
-fi
-
-# Exit if not Hammer
-INSTALLED_VERSION=$(ceph --version | awk '{print $3}')
-if ! [[ "$INSTALLED_VERSION" =~ ^0\.94.* ]]; then
- echo INFO: version of Ceph installed is not 0.94, skipping
- exit 0
-fi
-
-CEPH_STATUS=$(ceph health | awk '{print $1}')
-if [ ${CEPH_STATUS} = HEALTH_ERR ]; then
- echo ERROR: Ceph cluster status is HEALTH_ERR, cannot be upgraded
- exit 1
-fi
-
-# Useful when upgrading with OSDs num < replica size
-if [[ ${ignore_ceph_upgrade_warnings:-False} != [Tt]rue ]]; then
- timeout 300 bash -c "while [ ${CEPH_STATUS} != HEALTH_OK ]; do
- echo WARNING: Waiting for Ceph cluster status to go HEALTH_OK;
- sleep 30;
- CEPH_STATUS=$(ceph health | awk '{print $1}')
- done"
-fi
-
-MON_PID=$(pidof ceph-mon)
-MON_ID=$(hostname -s)
-
-# Stop daemon using Hammer sysvinit script
-service ceph stop mon.${MON_ID}
-
-# Ensure it's stopped
-timeout 60 bash -c "while kill -0 ${MON_PID} 2> /dev/null; do
- sleep 2;
-done"
-
-# Update to Jewel
-yum -y -q update ceph-mon ceph
-
-# Restart/Exit if not on Jewel, only in that case we need the changes
-UPDATED_VERSION=$(ceph --version | awk '{print $3}')
-if [[ "$UPDATED_VERSION" =~ ^0\.94.* ]]; then
- echo WARNING: Ceph was not upgraded, restarting daemons
- service ceph start mon.${MON_ID}
-elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then
- # RPM could own some of these but we can't take risks on the pre-existing files
- for d in /var/lib/ceph/mon /var/log/ceph /var/run/ceph /etc/ceph; do
- chown -L -R ceph:ceph $d || echo WARNING: chown of $d failed
- done
-
- # Replay udev events with newer rules
- udevadm trigger
-
- # Enable systemd unit
- systemctl enable ceph-mon.target
- systemctl enable ceph-mon@${MON_ID}
- systemctl start ceph-mon@${MON_ID}
-
- # Wait for daemon to be back in the quorum
- timeout 300 bash -c "until (ceph quorum_status | jq .quorum_names | grep -sq ${MON_ID}); do
- echo WARNING: Waiting for mon.${MON_ID} to re-join quorum;
- sleep 10;
- done"
-
- # if tunables become legacy, cluster status will be HEALTH_WARN causing
- # upgrade to fail on following node
- ceph osd crush tunables default
-
- echo INFO: Ceph was upgraded to Jewel
-else
- echo ERROR: Ceph was upgraded to an unknown release, daemon is stopped, need manual intervention
- exit 1
-fi
diff --git a/extraconfig/tasks/major_upgrade_ceph_storage.sh b/extraconfig/tasks/major_upgrade_ceph_storage.sh
deleted file mode 100644
index a745e723..00000000
--- a/extraconfig/tasks/major_upgrade_ceph_storage.sh
+++ /dev/null
@@ -1,106 +0,0 @@
-#!/bin/bash
-#
-# This delivers the ceph-storage upgrade script to be invoked as part of the tripleo
-# major upgrade workflow.
-#
-set -eu
-set -o pipefail
-
-UPGRADE_SCRIPT=/root/tripleo_upgrade_node.sh
-
-declare -f special_case_ovs_upgrade_if_needed > $UPGRADE_SCRIPT
-# use >> here so we don't lose the declaration we added above
-cat >> $UPGRADE_SCRIPT << 'ENDOFCAT'
-#!/bin/bash
-### DO NOT MODIFY THIS FILE
-### This file is automatically delivered to the ceph-storage nodes as part of the
-### tripleo upgrades workflow
-set -eu
-
-echo INFO: starting $(basename "$0")
-
-# Exit if not running
-if ! pidof ceph-osd &> /dev/null; then
- echo INFO: ceph-osd is not running, skipping
- exit 0
-fi
-
-# Exit if not Hammer
-INSTALLED_VERSION=$(ceph --version | awk '{print $3}')
-if ! [[ "$INSTALLED_VERSION" =~ ^0\.94.* ]]; then
- echo INFO: version of Ceph installed is not 0.94, skipping
- exit 0
-fi
-
-OSD_PIDS=$(pidof ceph-osd)
-OSD_IDS=$(ls /var/lib/ceph/osd | awk 'BEGIN { FS = "-" } ; { print $2 }')
-
-# "so that mirrors aren't rebalanced as if the OSD died" - gfidente / leseb
-ceph osd set noout
-ceph osd set norebalance
-ceph osd set nodeep-scrub
-ceph osd set noscrub
-
-# Stop daemon using Hammer sysvinit script
-for OSD_ID in $OSD_IDS; do
- service ceph stop osd.${OSD_ID}
-done
-
-# Nice guy will return non-0 only when all failed
-timeout 60 bash -c "while kill -0 ${OSD_PIDS} 2> /dev/null; do
- sleep 2;
-done"
-
-special_case_ovs_upgrade_if_needed
-
-# Update (Ceph to Jewel)
-yum -y install python-zaqarclient # needed for os-collect-config
-yum -y update
-
-# Restart/Exit if not on Jewel, only in that case we need the changes
-UPDATED_VERSION=$(ceph --version | awk '{print $3}')
-if [[ "$UPDATED_VERSION" =~ ^0\.94.* ]]; then
- echo WARNING: Ceph was not upgraded, restarting daemon
- for OSD_ID in $OSD_IDS; do
- service ceph start osd.${OSD_ID}
- done
-elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then
- # RPM could own some of these but we can't take risks on the pre-existing files
- for d in /var/lib/ceph/osd /var/log/ceph /var/run/ceph /etc/ceph; do
- chown -L -R ceph:ceph $d || echo WARNING: chown of $d failed
- done
-
- # Replay udev events with newer rules
- udevadm trigger && udevadm settle
-
- # If on ext4, we need to enforce lower values for name and namespace len
- # or ceph-osd will refuse to start, see: http://tracker.ceph.com/issues/16187
- for OSD_ID in $OSD_IDS; do
- OSD_FS=$(df -l --output=fstype /var/lib/ceph/osd/ceph-${OSD_ID} | tail -n +2)
- if [ ${OSD_FS} = ext4 ]; then
- crudini --set /etc/ceph/ceph.conf global osd_max_object_name_len 256
- crudini --set /etc/ceph/ceph.conf global osd_max_object_namespace_len 64
- fi
- done
-
- # Enable systemd unit
- systemctl enable ceph-osd.target
- for OSD_ID in $OSD_IDS; do
- systemctl enable ceph-osd@${OSD_ID}
- systemctl start ceph-osd@${OSD_ID}
- done
-
- echo INFO: Ceph was upgraded to Jewel
-else
- echo ERROR: Ceph was upgraded to an unknown release, daemon is stopped, need manual intervention
- exit 1
-fi
-
-ceph osd unset noout
-ceph osd unset norebalance
-ceph osd unset nodeep-scrub
-ceph osd unset noscrub
-ENDOFCAT
-
-# ensure the permissions are OK
-chmod 0755 $UPGRADE_SCRIPT
diff --git a/extraconfig/tasks/major_upgrade_compute.sh b/extraconfig/tasks/major_upgrade_compute.sh
deleted file mode 100644
index 7a3e1073..00000000
--- a/extraconfig/tasks/major_upgrade_compute.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/bash
-#
-# This delivers the compute upgrade script to be invoked as part of the tripleo
-# major upgrade workflow.
-#
-set -eu
-
-UPGRADE_SCRIPT=/root/tripleo_upgrade_node.sh
-
-cat > $UPGRADE_SCRIPT << ENDOFCAT
-### DO NOT MODIFY THIS FILE
-### This file is automatically delivered to the compute nodes as part of the
-### tripleo upgrades workflow
-
-set -eu
-
-# pin nova to kilo (messaging +-1) for the nova-compute service
-
-crudini --set /etc/nova/nova.conf upgrade_levels compute $upgrade_level_nova_compute
-
-$(declare -f special_case_ovs_upgrade_if_needed)
-special_case_ovs_upgrade_if_needed
-
-yum -y install python-zaqarclient # needed for os-collect-config
-yum -y update
-
-# Due to bug#1640177 we need to restart compute agent
-echo "Restarting openstack ceilometer agent compute"
-systemctl restart openstack-ceilometer-compute
-
-ENDOFCAT
-
-# ensure the permissions are OK
-chmod 0755 $UPGRADE_SCRIPT
-
diff --git a/extraconfig/tasks/major_upgrade_object_storage.sh b/extraconfig/tasks/major_upgrade_object_storage.sh
deleted file mode 100644
index d9d1b4d5..00000000
--- a/extraconfig/tasks/major_upgrade_object_storage.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/bash
-#
-# This delivers the swift-storage upgrade script to be invoked as part of the tripleo
-# major upgrade workflow.
-#
-set -eu
-
-UPGRADE_SCRIPT=/root/tripleo_upgrade_node.sh
-
-cat > $UPGRADE_SCRIPT << ENDOFCAT
-### DO NOT MODIFY THIS FILE
-### This file is automatically delivered to the swift-storage nodes as part of the
-### tripleo upgrades workflow
-
-set -eu
-
-function systemctl_swift {
- action=\$1
- for S in openstack-swift-account-auditor openstack-swift-account-reaper openstack-swift-account-replicator openstack-swift-account \
- openstack-swift-container-auditor openstack-swift-container-replicator openstack-swift-container-updater openstack-swift-container \
- openstack-swift-object-auditor openstack-swift-object-replicator openstack-swift-object-updater openstack-swift-object; do
- systemctl \$action \$S
- done
-}
-
-$(declare -f special_case_ovs_upgrade_if_needed)
-special_case_ovs_upgrade_if_needed
-
-systemctl_swift stop
-
-yum -y install python-zaqarclient # needed for os-collect-config
-yum -y update
-
-systemctl_swift start
-
-
-
-ENDOFCAT
-
-# ensure the permissions are OK
-chmod 0755 $UPGRADE_SCRIPT
-
diff --git a/extraconfig/tasks/major_upgrade_pacemaker.yaml b/extraconfig/tasks/major_upgrade_pacemaker.yaml
index b63aafbd..8c91027d 100644
--- a/extraconfig/tasks/major_upgrade_pacemaker.yaml
+++ b/extraconfig/tasks/major_upgrade_pacemaker.yaml
@@ -33,33 +33,6 @@ resources:
# map_merge with input_values instead of feeding params into scripts
# via str_replace on bash snippets
- CephMonUpgradeConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - str_replace:
- template: |
- #!/bin/bash
- ignore_ceph_upgrade_warnings='IGNORE_CEPH_UPGRADE_WARNINGS'
- params:
- IGNORE_CEPH_UPGRADE_WARNINGS: {get_param: IgnoreCephUpgradeWarnings}
- - get_file: major_upgrade_ceph_mon.sh
-
- CephMonUpgradeDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- servers: {get_param: [servers, Controller]}
- config: {get_resource: CephMonUpgradeConfig}
- input_values: {get_param: input_values}
- update_policy:
- batch_create:
- max_batch_size: 1
- rolling_update:
- max_batch_size: 1
-
ControllerPacemakerUpgradeConfig_Step1:
type: OS::Heat::SoftwareConfig
properties:
@@ -86,30 +59,11 @@ resources:
ControllerPacemakerUpgradeDeployment_Step1:
type: OS::Heat::SoftwareDeploymentGroup
- depends_on: CephMonUpgradeDeployment
properties:
servers: {get_param: [servers, Controller]}
config: {get_resource: ControllerPacemakerUpgradeConfig_Step1}
input_values: {get_param: input_values}
- BlockStorageUpgradeConfig:
- type: OS::Heat::SoftwareConfig
- depends_on: ControllerPacemakerUpgradeDeployment_Step1
- properties:
- group: script
- config:
- list_join:
- - ''
- - - get_file: pacemaker_common_functions.sh
- - get_file: major_upgrade_block_storage.sh
-
- BlockStorageUpgradeDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- servers: {get_param: [servers, BlockStorage]}
- config: {get_resource: BlockStorageUpgradeConfig}
- input_values: {get_param: input_values}
-
ControllerPacemakerUpgradeConfig_Step2:
type: OS::Heat::SoftwareConfig
properties:
@@ -136,7 +90,7 @@ resources:
ControllerPacemakerUpgradeDeployment_Step2:
type: OS::Heat::SoftwareDeploymentGroup
- depends_on: BlockStorageUpgradeDeployment
+ depends_on: ControllerPacemakerUpgradeDeployment_Step1
properties:
servers: {get_param: [servers, Controller]}
config: {get_resource: ControllerPacemakerUpgradeConfig_Step2}
diff --git a/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml b/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml
deleted file mode 100644
index c308720b..00000000
--- a/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml
+++ /dev/null
@@ -1,96 +0,0 @@
-heat_template_version: ocata
-description: 'Upgrade for Pacemaker deployments'
-
-parameters:
-
- servers:
- type: json
- input_values:
- type: json
- description: input values for the software deployments
-
- UpgradeInitCommand:
- type: string
- description: |
- Command or script snippet to run on all overcloud nodes to
- initialize the upgrade process. E.g. a repository switch.
- default: ''
- UpgradeLevelNovaCompute:
- type: string
- description: Nova Compute upgrade level
- default: ''
-
-resources:
-
- # For the UpgradeInit also rename /etc/resolv.conf.save for +bug/1567004
-
- UpgradeInitConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - "#!/bin/bash\n\n"
- - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
- - get_param: UpgradeInitCommand
-
- # TODO(jistr): for Mitaka->Newton upgrades and further we can use
- # map_merge with input_values instead of feeding params into scripts
- # via str_replace on bash snippets
-
- # FIXME(shardy) we have hard-coded per-role *ScriptConfig's here
- # Would be better to have a common config for all roles
- ComputeDeliverUpgradeScriptConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - str_replace:
- template: |
- #!/bin/bash
- upgrade_level_nova_compute='UPGRADE_LEVEL_NOVA_COMPUTE'
- params:
- UPGRADE_LEVEL_NOVA_COMPUTE: {get_param: UpgradeLevelNovaCompute}
- - get_file: pacemaker_common_functions.sh
- - get_file: major_upgrade_compute.sh
-
- ObjectStorageDeliverUpgradeScriptConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - get_file: pacemaker_common_functions.sh
- - get_file: major_upgrade_object_storage.sh
-
- CephStorageDeliverUpgradeScriptConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - get_file: pacemaker_common_functions.sh
- - get_file: major_upgrade_ceph_storage.sh
-
-{% for role in roles %}
- UpgradeInit{{role.name}}Deployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: UpgradeInitConfig}
- input_values: {get_param: input_values}
-
- {% if not role.name in ['Controller', 'BlockStorage'] %}
- {{role.name}}DeliverUpgradeScriptDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}DeliverUpgradeScriptConfig}
- input_values: {get_param: input_values}
- {% endif %}
-{% endfor %}
diff --git a/extraconfig/tasks/tripleo_upgrade_node.sh b/extraconfig/tasks/tripleo_upgrade_node.sh
new file mode 100644
index 00000000..27ba33a8
--- /dev/null
+++ b/extraconfig/tasks/tripleo_upgrade_node.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+#
+# This delivers the operator driven upgrade script to be invoked as part of
+# the tripleo major upgrade workflow. The utility 'upgrade-non-controller.sh'
+# is used from the undercloud to invoke the /root/tripleo_upgrade_node.sh
+#
+set -eu
+
+UPGRADE_SCRIPT=/root/tripleo_upgrade_node.sh
+
+cat > $UPGRADE_SCRIPT << ENDOFCAT
+### DO NOT MODIFY THIS FILE
+### This file is automatically delivered to those nodes where the
+### disable_upgrade_deployment flag is set in roles_data.yaml.
+
+set -eu
+NOVA_COMPUTE=""
+if systemctl show 'openstack-nova-compute' --property ActiveState | grep '\bactive\b'; then
+ NOVA_COMPUTE="true"
+fi
+
+DEBUG="true"
+SCRIPT_NAME=$(basename $0)
+$(declare -f log_debug)
+$(declare -f manage_systemd_service)
+$(declare -f systemctl_swift)
+
+# pin nova messaging +-1 for the nova-compute service
+if [[ -n \$NOVA_COMPUTE ]]; then
+ crudini --set /etc/nova/nova.conf upgrade_levels compute auto
+fi
+
+$(declare -f special_case_ovs_upgrade_if_needed)
+special_case_ovs_upgrade_if_needed
+
+yum -y install python-zaqarclient # needed for os-collect-config
+systemctl_swift stop
+yum -y update
+systemctl_swift start
+
+# Due to bug#1640177 we need to restart compute agent
+if [[ -n \$NOVA_COMPUTE ]]; then
+ echo "Restarting openstack ceilometer agent compute"
+ systemctl restart openstack-ceilometer-compute
+fi
+
+# Apply puppet manifest to converge just right after the \$ROLE upgrade
+puppet apply /root/${ROLE}_puppet_config.pp
+
+ENDOFCAT
+
+# ensure the permissions are OK
+chmod 0755 $UPGRADE_SCRIPT
+
diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh
index 74af7b02..c66dd01f 100755
--- a/extraconfig/tasks/yum_update.sh
+++ b/extraconfig/tasks/yum_update.sh
@@ -10,6 +10,11 @@
echo "Started yum_update.sh on server $deploy_server_id at `date`"
echo -n "false" > $heat_outputs_path.update_managed_packages
+if [ -f /.dockerenv ]; then
+ echo "Not running due to running inside a container"
+ exit 0
+fi
+
if [[ -z "$update_identifier" ]]; then
echo "Not running due to unset update_identifier"
exit 0
@@ -42,7 +47,7 @@ if [[ "$list_updates" == "" ]]; then
exit 0
fi
-pacemaker_status=$(systemctl is-active pacemaker)
+pacemaker_status=$(systemctl is-active pacemaker || :)
# Fix the redis/rabbit resource start/stop timeouts. See https://bugs.launchpad.net/tripleo/+bug/1633455
# and https://bugs.launchpad.net/tripleo/+bug/1634851
diff --git a/firstboot/install_vrouter_kmod.yaml b/firstboot/install_vrouter_kmod.yaml
new file mode 100644
index 00000000..e936e605
--- /dev/null
+++ b/firstboot/install_vrouter_kmod.yaml
@@ -0,0 +1,105 @@
+heat_template_version: ocata
+
+parameters:
+ ContrailRepo:
+ type: string
+ default: http://192.168.24.1/contrail
+ VrouterPhysicalInterface:
+ default: 'eth0'
+ description: vRouter physical interface
+ type: string
+
+description: >
+ Prepares vhost0 interface to be used by os-net-config
+
+resources:
+ userdata:
+ type: OS::Heat::MultipartMime
+ properties:
+ parts:
+ - config: {get_resource: vrouter_module_config}
+
+ vrouter_module_config:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ config:
+ str_replace:
+ template: |
+ #!/bin/bash
+ sed -i '/\[main\]/a \ \ \ \ \parser = future' /etc/puppet/puppet.conf
+ cat <<EOF > /etc/yum.repos.d/contrail.repo
+ [Contrail]
+ name=Contrail Repo
+ baseurl=$contrail_repo
+ enabled=1
+ gpgcheck=0
+ protect=1
+ EOF
+ if [[ `hostname |awk -F"-" '{print $2}'` == "novacompute" || `hostname |awk -F"-" '{print $2}'` == "contrailtsn" ]]; then
+ yum install -y contrail-vrouter-utils
+ function pkt_setup () {
+ for f in /sys/class/net/$1/queues/rx-*
+ do
+ q="$(echo $f | cut -d '-' -f2)"
+ r=$(($q%32))
+ s=$(($q/32))
+ ((mask=1<<$r))
+ str=(`printf "%x" $mask`)
+ if [ $s -gt 0 ]; then
+ for ((i=0; i < $s; i++))
+ do
+ str+=,00000000
+ done
+ fi
+ echo $str > $f/rps_cpus
+ done
+ ifconfig $1 up
+ }
+ function insert_vrouter() {
+ insmod /tmp/vrouter.ko
+ if [ -f /sys/class/net/pkt1/queues/rx-0/rps_cpus ]; then
+ pkt_setup pkt1
+ fi
+ if [ -f /sys/class/net/pkt2/queues/rx-0/rps_cpus ]; then
+ pkt_setup pkt2
+ fi
+ if [ -f /sys/class/net/pkt3/queues/rx-0/rps_cpus ]; then
+ pkt_setup pkt3
+ fi
+ DEV_MAC=$(cat /sys/class/net/$phy_int/address)
+ vif --create vhost0 --mac $DEV_MAC
+ vif --add $phy_int --mac $DEV_MAC --vrf 0 --vhost-phys --type physical
+ vif --add vhost0 --mac $DEV_MAC --vrf 0 --type vhost --xconnect $phy_int
+ ip link set vhost0 up
+ return 0
+ }
+ yumdownloader contrail-vrouter --destdir /tmp
+ cd /tmp
+ rpm2cpio /tmp/contrail-vrouter*.rpm | cpio -idmv
+ cp `find /tmp/lib/modules -name vrouter.ko |tail -1` /tmp
+ insert_vrouter
+ if [[ `ifconfig $dev |grep "inet "` ]]; then
+ def_gw=''
+ if [[ `ip route show |grep default|grep $dev` ]]; then
+ def_gw=`ip route show |grep default|grep $dev|awk '{print $3}'`
+ fi
+ ip=`ifconfig $dev |grep "inet "|awk '{print $2}'`
+ mask=`ifconfig $dev |grep "inet "|awk '{print $4}'`
+ ip address delete $ip/$mask dev $dev
+ ip address add $ip/$mask dev vhost0
+ if [[ $def_gw ]]; then
+ ip route add default via $def_gw
+ fi
+ fi
+ fi
+ params:
+ $phy_int: {get_param: VrouterPhysicalInterface}
+ $contrail_repo: {get_param: ContrailRepo}
+
+outputs:
+ # This means get_resource from the parent template will get the userdata, see:
+ # http://docs.openstack.org/developer/heat/template_guide/composition.html#making-your-template-resource-more-transparent
+ # Note this is new-for-kilo, an alternative is returning a value then using
+ # get_attr in the parent template instead.
+ OS::stack_id:
+ value: {get_resource: userdata}
diff --git a/network/endpoints/build_endpoint_map.py b/network/endpoints/build_endpoint_map.py
index 7e8088be..990cbabc 100755
--- a/network/endpoints/build_endpoint_map.py
+++ b/network/endpoints/build_endpoint_map.py
@@ -280,8 +280,9 @@ def main():
try:
if options.check:
if not check_up_to_date(options.output_file, options.input_file):
- print('EndpointMap template does not match input data',
- file=sys.stderr)
+ print('EndpointMap template does not match input data. Please '
+ 'run the build_endpoint_map.py tool to update the '
+ 'template.', file=sys.stderr)
sys.exit(2)
else:
build_endpoint_map(options.output_file, options.input_file)
diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml
index 5a7bdda9..277bd676 100644
--- a/network/endpoints/endpoint_data.yaml
+++ b/network/endpoints/endpoint_data.yaml
@@ -28,6 +28,96 @@ Ceilometer:
net_param: CeilometerApi
port: 8777
+ContrailConfig:
+ Internal:
+ net_param: ContrailConfig
+ Public:
+ net_param: Public
+ Admin:
+ net_param: ContrailConfig
+ port: 8082
+
+ContrailDiscovery:
+ Internal:
+ net_param: ContrailConfig
+ Public:
+ net_param: Public
+ Admin:
+ net_param: ContrailConfig
+ port: 5998
+
+ContrailAnalyticsCollectorHttp:
+ Internal:
+ net_param: ContrailAnalytics
+ Public:
+ net_param: Public
+ Admin:
+ net_param: ContrailAnalytics
+ port: 8089
+
+ContrailAnalyticsApi:
+ Internal:
+ net_param: ContrailAnalytics
+ Public:
+ net_param: Public
+ Admin:
+ net_param: ContrailAnalytics
+ port: 8081
+
+ContrailAnalyticsHttp:
+ Internal:
+ net_param: ContrailAnalytics
+ Public:
+ net_param: Public
+ Admin:
+ net_param: ContrailAnalytics
+ port: 8090
+
+ContrailAnalyticsCollectorSandesh:
+ Internal:
+ net_param: ContrailAnalytics
+ Public:
+ net_param: Public
+ Admin:
+ net_param: ContrailAnalytics
+ port: 8086
+
+ContrailAnalyticsRedis:
+ Internal:
+ net_param: ContrailAnalytics
+ Public:
+ net_param: Public
+ Admin:
+ net_param: ContrailAnalytics
+ port: 6379
+
+ContrailWebuiHttp:
+ Internal:
+ net_param: ContrailConfig
+ Public:
+ net_param: Public
+ Admin:
+ net_param: ContrailConfig
+ port: 8080
+
+ContrailWebuiHttps:
+ Internal:
+ net_param: ContrailConfig
+ Public:
+ net_param: Public
+ Admin:
+ net_param: ContrailConfig
+ port: 8143
+
+Ec2Api:
+ Internal:
+ net_param: Ec2Api
+ Public:
+ net_param: Public
+ Admin:
+ net_param: Ec2Api
+ port: 8788
+
Gnocchi:
Internal:
net_param: GnocchiApi
@@ -67,6 +157,15 @@ Cinder:
V3: /v3/%(tenant_id)s
port: 8776
+Congress:
+ Internal:
+ net_param: CongressApi
+ Public:
+ net_param: Public
+ Admin:
+ net_param: CongressApi
+ port: 1789
+
Glance:
Internal:
net_param: GlanceApi
@@ -272,6 +371,15 @@ Sahara:
'': /v1.1/%(tenant_id)s
port: 8386
+Tacker:
+ Internal:
+ net_param: TackerApi
+ Public:
+ net_param: Public
+ Admin:
+ net_param: TackerApi
+ port: 9890
+
Ironic:
Internal:
net_param: IronicApi
@@ -305,3 +413,12 @@ ZaqarWebSocket:
net_param: ZaqarApi
port: 9000
protocol: ws
+
+Octavia:
+ Internal:
+ net_param: OctaviaApi
+ Public:
+ net_param: Public
+ Admin:
+ net_param: OctaviaApi
+ port: 9876
diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml
index 8ce62484..fecac0af 100644
--- a/network/endpoints/endpoint_map.yaml
+++ b/network/endpoints/endpoint_map.yaml
@@ -34,6 +34,45 @@ parameters:
CinderAdmin: {protocol: http, port: '8776', host: IP_ADDRESS}
CinderInternal: {protocol: http, port: '8776', host: IP_ADDRESS}
CinderPublic: {protocol: http, port: '8776', host: IP_ADDRESS}
+ CongressAdmin: {protocol: http, port: '1789', host: IP_ADDRESS}
+ CongressInternal: {protocol: http, port: '1789', host: IP_ADDRESS}
+ CongressPublic: {protocol: http, port: '1789', host: IP_ADDRESS}
+ ContrailAnalyticsApiAdmin: {protocol: http, port: '8081', host: IP_ADDRESS}
+ ContrailAnalyticsApiInternal: {protocol: http, port: '8081', host: IP_ADDRESS}
+ ContrailAnalyticsApiPublic: {protocol: http, port: '8081', host: IP_ADDRESS}
+ ContrailAnalyticsCollectorHttpAdmin: {protocol: http, port: '8089',
+ host: IP_ADDRESS}
+ ContrailAnalyticsCollectorHttpInternal: {protocol: http, port: '8089',
+ host: IP_ADDRESS}
+ ContrailAnalyticsCollectorHttpPublic: {protocol: http, port: '8089',
+ host: IP_ADDRESS}
+ ContrailAnalyticsCollectorSandeshAdmin: {protocol: http, port: '8086',
+ host: IP_ADDRESS}
+ ContrailAnalyticsCollectorSandeshInternal: {protocol: http, port: '8086',
+ host: IP_ADDRESS}
+ ContrailAnalyticsCollectorSandeshPublic: {protocol: http, port: '8086',
+ host: IP_ADDRESS}
+ ContrailAnalyticsHttpAdmin: {protocol: http, port: '8090', host: IP_ADDRESS}
+ ContrailAnalyticsHttpInternal: {protocol: http, port: '8090', host: IP_ADDRESS}
+ ContrailAnalyticsHttpPublic: {protocol: http, port: '8090', host: IP_ADDRESS}
+ ContrailAnalyticsRedisAdmin: {protocol: http, port: '6379', host: IP_ADDRESS}
+ ContrailAnalyticsRedisInternal: {protocol: http, port: '6379', host: IP_ADDRESS}
+ ContrailAnalyticsRedisPublic: {protocol: http, port: '6379', host: IP_ADDRESS}
+ ContrailConfigAdmin: {protocol: http, port: '8082', host: IP_ADDRESS}
+ ContrailConfigInternal: {protocol: http, port: '8082', host: IP_ADDRESS}
+ ContrailConfigPublic: {protocol: http, port: '8082', host: IP_ADDRESS}
+ ContrailDiscoveryAdmin: {protocol: http, port: '5998', host: IP_ADDRESS}
+ ContrailDiscoveryInternal: {protocol: http, port: '5998', host: IP_ADDRESS}
+ ContrailDiscoveryPublic: {protocol: http, port: '5998', host: IP_ADDRESS}
+ ContrailWebuiHttpAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
+ ContrailWebuiHttpInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
+ ContrailWebuiHttpPublic: {protocol: http, port: '8080', host: IP_ADDRESS}
+ ContrailWebuiHttpsAdmin: {protocol: http, port: '8143', host: IP_ADDRESS}
+ ContrailWebuiHttpsInternal: {protocol: http, port: '8143', host: IP_ADDRESS}
+ ContrailWebuiHttpsPublic: {protocol: http, port: '8143', host: IP_ADDRESS}
+ Ec2ApiAdmin: {protocol: http, port: '8788', host: IP_ADDRESS}
+ Ec2ApiInternal: {protocol: http, port: '8788', host: IP_ADDRESS}
+ Ec2ApiPublic: {protocol: http, port: '8788', host: IP_ADDRESS}
GlanceAdmin: {protocol: http, port: '9292', host: IP_ADDRESS}
GlanceInternal: {protocol: http, port: '9292', host: IP_ADDRESS}
GlancePublic: {protocol: http, port: '9292', host: IP_ADDRESS}
@@ -72,6 +111,9 @@ parameters:
NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS}
NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS}
NovaVNCProxyPublic: {protocol: http, port: '6080', host: IP_ADDRESS}
+ OctaviaAdmin: {protocol: http, port: '9876', host: IP_ADDRESS}
+ OctaviaInternal: {protocol: http, port: '9876', host: IP_ADDRESS}
+ OctaviaPublic: {protocol: http, port: '9876', host: IP_ADDRESS}
PankoAdmin: {protocol: http, port: '8779', host: IP_ADDRESS}
PankoInternal: {protocol: http, port: '8779', host: IP_ADDRESS}
PankoPublic: {protocol: http, port: '8779', host: IP_ADDRESS}
@@ -81,6 +123,9 @@ parameters:
SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS}
+ TackerAdmin: {protocol: http, port: '9890', host: IP_ADDRESS}
+ TackerInternal: {protocol: http, port: '9890', host: IP_ADDRESS}
+ TackerPublic: {protocol: http, port: '9890', host: IP_ADDRESS}
ZaqarAdmin: {protocol: http, port: '8888', host: IP_ADDRESS}
ZaqarInternal: {protocol: http, port: '8888', host: IP_ADDRESS}
ZaqarPublic: {protocol: http, port: '8888', host: IP_ADDRESS}
@@ -1810,6 +1855,2775 @@ outputs:
template: NETWORK_uri
- ':'
- get_param: [EndpointMap, CinderPublic, port]
+ CongressAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CongressAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CongressApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CongressApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CongressAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CongressApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, CongressApiNetwork]
+ port:
+ get_param: [EndpointMap, CongressAdmin, port]
+ protocol:
+ get_param: [EndpointMap, CongressAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CongressAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CongressAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CongressApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CongressApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CongressAdmin, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CongressAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CongressAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CongressApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CongressApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CongressAdmin, port]
+ CongressInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CongressInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CongressApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CongressApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CongressInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CongressApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, CongressApiNetwork]
+ port:
+ get_param: [EndpointMap, CongressInternal, port]
+ protocol:
+ get_param: [EndpointMap, CongressInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CongressInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CongressInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CongressApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CongressApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CongressInternal, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CongressInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CongressInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, CongressApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, CongressApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CongressInternal, port]
+ CongressPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CongressPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, CongressPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, CongressPublic, port]
+ protocol:
+ get_param: [EndpointMap, CongressPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CongressPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CongressPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CongressPublic, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, CongressPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, CongressPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, CongressPublic, port]
+ ContrailAnalyticsApiAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsApiAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsApiAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ port:
+ get_param: [EndpointMap, ContrailAnalyticsApiAdmin, port]
+ protocol:
+ get_param: [EndpointMap, ContrailAnalyticsApiAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsApiAdmin,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsApiAdmin,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, port]
+ ContrailAnalyticsApiInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsApiInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsApiInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ port:
+ get_param: [EndpointMap, ContrailAnalyticsApiInternal, port]
+ protocol:
+ get_param: [EndpointMap, ContrailAnalyticsApiInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsApiInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsApiInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsApiInternal, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsApiInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsApiInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsApiInternal, port]
+ ContrailAnalyticsApiPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsApiPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsApiPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, ContrailAnalyticsApiPublic, port]
+ protocol:
+ get_param: [EndpointMap, ContrailAnalyticsApiPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsApiPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsApiPublic,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsApiPublic, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsApiPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsApiPublic,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsApiPublic, port]
+ ContrailAnalyticsCollectorHttpAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ port:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin,
+ port]
+ protocol:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin,
+ protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin,
+ protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin,
+ port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin,
+ protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin,
+ port]
+ ContrailAnalyticsCollectorHttpInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ port:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal,
+ port]
+ protocol:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal,
+ protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal,
+ protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal,
+ port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal,
+ protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal,
+ port]
+ ContrailAnalyticsCollectorHttpPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic,
+ port]
+ protocol:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic,
+ protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic,
+ protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic,
+ port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic,
+ protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic,
+ port]
+ ContrailAnalyticsCollectorSandeshAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ port:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin,
+ port]
+ protocol:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin,
+ protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin,
+ protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin,
+ port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin,
+ protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin,
+ port]
+ ContrailAnalyticsCollectorSandeshInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ port:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal,
+ port]
+ protocol:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal,
+ protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal,
+ protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal,
+ port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal,
+ protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal,
+ port]
+ ContrailAnalyticsCollectorSandeshPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic,
+ port]
+ protocol:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic,
+ protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic,
+ protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic,
+ port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic,
+ protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic,
+ port]
+ ContrailAnalyticsHttpAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ port:
+ get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, port]
+ protocol:
+ get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsHttpAdmin,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsHttpAdmin,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, port]
+ ContrailAnalyticsHttpInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsHttpInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsHttpInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ port:
+ get_param: [EndpointMap, ContrailAnalyticsHttpInternal, port]
+ protocol:
+ get_param: [EndpointMap, ContrailAnalyticsHttpInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsHttpInternal,
+ protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsHttpInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsHttpInternal,
+ port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsHttpInternal,
+ protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsHttpInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsHttpInternal,
+ port]
+ ContrailAnalyticsHttpPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsHttpPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsHttpPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, ContrailAnalyticsHttpPublic, port]
+ protocol:
+ get_param: [EndpointMap, ContrailAnalyticsHttpPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsHttpPublic,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsHttpPublic,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, port]
+ ContrailAnalyticsRedisAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ port:
+ get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, port]
+ protocol:
+ get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsRedisAdmin,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsRedisAdmin,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, port]
+ ContrailAnalyticsRedisInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsRedisInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsRedisInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ port:
+ get_param: [EndpointMap, ContrailAnalyticsRedisInternal, port]
+ protocol:
+ get_param: [EndpointMap, ContrailAnalyticsRedisInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsRedisInternal,
+ protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsRedisInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsRedisInternal,
+ port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsRedisInternal,
+ protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsRedisInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailAnalyticsNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsRedisInternal,
+ port]
+ ContrailAnalyticsRedisPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsRedisPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsRedisPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, ContrailAnalyticsRedisPublic, port]
+ protocol:
+ get_param: [EndpointMap, ContrailAnalyticsRedisPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsRedisPublic,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailAnalyticsRedisPublic,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, port]
+ ContrailConfigAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailConfigAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailConfigAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ port:
+ get_param: [EndpointMap, ContrailConfigAdmin, port]
+ protocol:
+ get_param: [EndpointMap, ContrailConfigAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailConfigAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailConfigAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailConfigAdmin, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailConfigAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailConfigAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailConfigAdmin, port]
+ ContrailConfigInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailConfigInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailConfigInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ port:
+ get_param: [EndpointMap, ContrailConfigInternal, port]
+ protocol:
+ get_param: [EndpointMap, ContrailConfigInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailConfigInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailConfigInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailConfigInternal, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailConfigInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailConfigInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailConfigInternal, port]
+ ContrailConfigPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailConfigPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailConfigPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, ContrailConfigPublic, port]
+ protocol:
+ get_param: [EndpointMap, ContrailConfigPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailConfigPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailConfigPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailConfigPublic, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailConfigPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailConfigPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailConfigPublic, port]
+ ContrailDiscoveryAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailDiscoveryAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailDiscoveryAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ port:
+ get_param: [EndpointMap, ContrailDiscoveryAdmin, port]
+ protocol:
+ get_param: [EndpointMap, ContrailDiscoveryAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailDiscoveryAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailDiscoveryAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailDiscoveryAdmin, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailDiscoveryAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailDiscoveryAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailDiscoveryAdmin, port]
+ ContrailDiscoveryInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailDiscoveryInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailDiscoveryInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ port:
+ get_param: [EndpointMap, ContrailDiscoveryInternal, port]
+ protocol:
+ get_param: [EndpointMap, ContrailDiscoveryInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailDiscoveryInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailDiscoveryInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailDiscoveryInternal, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailDiscoveryInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailDiscoveryInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailDiscoveryInternal, port]
+ ContrailDiscoveryPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailDiscoveryPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailDiscoveryPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, ContrailDiscoveryPublic, port]
+ protocol:
+ get_param: [EndpointMap, ContrailDiscoveryPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailDiscoveryPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailDiscoveryPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailDiscoveryPublic, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailDiscoveryPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailDiscoveryPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailDiscoveryPublic, port]
+ ContrailWebuiHttpAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ port:
+ get_param: [EndpointMap, ContrailWebuiHttpAdmin, port]
+ protocol:
+ get_param: [EndpointMap, ContrailWebuiHttpAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailWebuiHttpAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailWebuiHttpAdmin, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailWebuiHttpAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailWebuiHttpAdmin, port]
+ ContrailWebuiHttpInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ port:
+ get_param: [EndpointMap, ContrailWebuiHttpInternal, port]
+ protocol:
+ get_param: [EndpointMap, ContrailWebuiHttpInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailWebuiHttpInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailWebuiHttpInternal, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailWebuiHttpInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailWebuiHttpInternal, port]
+ ContrailWebuiHttpPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, ContrailWebuiHttpPublic, port]
+ protocol:
+ get_param: [EndpointMap, ContrailWebuiHttpPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailWebuiHttpPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailWebuiHttpPublic, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailWebuiHttpPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailWebuiHttpPublic, port]
+ ContrailWebuiHttpsAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpsAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpsAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ port:
+ get_param: [EndpointMap, ContrailWebuiHttpsAdmin, port]
+ protocol:
+ get_param: [EndpointMap, ContrailWebuiHttpsAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpsAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpsAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, port]
+ ContrailWebuiHttpsInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpsInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpsInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ port:
+ get_param: [EndpointMap, ContrailWebuiHttpsInternal, port]
+ protocol:
+ get_param: [EndpointMap, ContrailWebuiHttpsInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailWebuiHttpsInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpsInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailWebuiHttpsInternal, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailWebuiHttpsInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpsInternal,
+ host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, ContrailConfigNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, ContrailConfigNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailWebuiHttpsInternal, port]
+ ContrailWebuiHttpsPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpsPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpsPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, ContrailWebuiHttpsPublic, port]
+ protocol:
+ get_param: [EndpointMap, ContrailWebuiHttpsPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailWebuiHttpsPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpsPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailWebuiHttpsPublic, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, ContrailWebuiHttpsPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, ContrailWebuiHttpsPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, ContrailWebuiHttpsPublic, port]
+ Ec2ApiAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, Ec2ApiAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, Ec2ApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, Ec2ApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, Ec2ApiAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, Ec2ApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, Ec2ApiNetwork]
+ port:
+ get_param: [EndpointMap, Ec2ApiAdmin, port]
+ protocol:
+ get_param: [EndpointMap, Ec2ApiAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, Ec2ApiAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, Ec2ApiAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, Ec2ApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, Ec2ApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, Ec2ApiAdmin, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, Ec2ApiAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, Ec2ApiAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, Ec2ApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, Ec2ApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, Ec2ApiAdmin, port]
+ Ec2ApiInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, Ec2ApiInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, Ec2ApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, Ec2ApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, Ec2ApiInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, Ec2ApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, Ec2ApiNetwork]
+ port:
+ get_param: [EndpointMap, Ec2ApiInternal, port]
+ protocol:
+ get_param: [EndpointMap, Ec2ApiInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, Ec2ApiInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, Ec2ApiInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, Ec2ApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, Ec2ApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, Ec2ApiInternal, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, Ec2ApiInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, Ec2ApiInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, Ec2ApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, Ec2ApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, Ec2ApiInternal, port]
+ Ec2ApiPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, Ec2ApiPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, Ec2ApiPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, Ec2ApiPublic, port]
+ protocol:
+ get_param: [EndpointMap, Ec2ApiPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, Ec2ApiPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, Ec2ApiPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, Ec2ApiPublic, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, Ec2ApiPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, Ec2ApiPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, Ec2ApiPublic, port]
GlanceAdmin:
host:
str_replace:
@@ -5487,6 +8301,249 @@ outputs:
template: NETWORK_uri
- ':'
- get_param: [EndpointMap, NovaVNCProxyPublic, port]
+ OctaviaAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, OctaviaAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, OctaviaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, OctaviaApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, OctaviaAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, OctaviaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, OctaviaApiNetwork]
+ port:
+ get_param: [EndpointMap, OctaviaAdmin, port]
+ protocol:
+ get_param: [EndpointMap, OctaviaAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, OctaviaAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, OctaviaAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, OctaviaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, OctaviaApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, OctaviaAdmin, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, OctaviaAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, OctaviaAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, OctaviaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, OctaviaApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, OctaviaAdmin, port]
+ OctaviaInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, OctaviaInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, OctaviaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, OctaviaApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, OctaviaInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, OctaviaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, OctaviaApiNetwork]
+ port:
+ get_param: [EndpointMap, OctaviaInternal, port]
+ protocol:
+ get_param: [EndpointMap, OctaviaInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, OctaviaInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, OctaviaInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, OctaviaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, OctaviaApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, OctaviaInternal, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, OctaviaInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, OctaviaInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, OctaviaApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, OctaviaApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, OctaviaInternal, port]
+ OctaviaPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, OctaviaPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, OctaviaPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, OctaviaPublic, port]
+ protocol:
+ get_param: [EndpointMap, OctaviaPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, OctaviaPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, OctaviaPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, OctaviaPublic, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, OctaviaPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, OctaviaPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, OctaviaPublic, port]
PankoAdmin:
host:
str_replace:
@@ -6464,6 +9521,249 @@ outputs:
template: NETWORK_uri
- ':'
- get_param: [EndpointMap, SwiftPublic, port]
+ TackerAdmin:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, TackerAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, TackerApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, TackerApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, TackerAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, TackerApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, TackerApiNetwork]
+ port:
+ get_param: [EndpointMap, TackerAdmin, port]
+ protocol:
+ get_param: [EndpointMap, TackerAdmin, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, TackerAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, TackerAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, TackerApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, TackerApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, TackerAdmin, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, TackerAdmin, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, TackerAdmin, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, TackerApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, TackerApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, TackerAdmin, port]
+ TackerInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, TackerInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, TackerApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, TackerApiNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, TackerInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, TackerApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, TackerApiNetwork]
+ port:
+ get_param: [EndpointMap, TackerInternal, port]
+ protocol:
+ get_param: [EndpointMap, TackerInternal, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, TackerInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, TackerInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, TackerApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, TackerApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, TackerInternal, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, TackerInternal, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, TackerInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, TackerApiNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, TackerApiNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, TackerInternal, port]
+ TackerPublic:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, TackerPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, TackerPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, PublicNetwork]
+ port:
+ get_param: [EndpointMap, TackerPublic, port]
+ protocol:
+ get_param: [EndpointMap, TackerPublic, protocol]
+ uri:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, TackerPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, TackerPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, TackerPublic, port]
+ uri_no_suffix:
+ list_join:
+ - ''
+ - - get_param: [EndpointMap, TackerPublic, protocol]
+ - ://
+ - str_replace:
+ template:
+ get_param: [EndpointMap, TackerPublic, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, PublicNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, PublicNetwork]
+ template: NETWORK_uri
+ - ':'
+ - get_param: [EndpointMap, TackerPublic, port]
ZaqarAdmin:
host:
str_replace:
diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml
index c363ab8a..a1042ebb 100644
--- a/network/service_net_map.j2.yaml
+++ b/network/service_net_map.j2.yaml
@@ -21,9 +21,19 @@ parameters:
# snake_case - the names must still match when converted
ServiceNetMapDefaults:
default:
+ # Note the values in this map are replaced by *NetName
+ # to allow for sane defaults when the network names are
+ # overridden.
ApacheNetwork: internal_api
NeutronTenantNetwork: tenant
CeilometerApiNetwork: internal_api
+ ContrailAnalyticsNetwork: internal_api
+ ContrailAnalyticsDatabaseNetwork: internal_api
+ ContrailConfigNetwork: internal_api
+ ContrailControlNetwork: internal_api
+ ContrailDatabaseNetwork: internal_api
+ ContrailWebuiNetwork: internal_api
+ ContrailTsnNetwork: internal_api
AodhApiNetwork: internal_api
PankoApiNetwork: internal_api
BarbicanApiNetwork: internal_api
@@ -31,6 +41,7 @@ parameters:
MongodbNetwork: internal_api
CinderApiNetwork: internal_api
CinderIscsiNetwork: storage
+ CongressApiNetwork: internal_api
GlanceApiNetwork: storage
IronicApiNetwork: ctlplane
IronicNetwork: ctlplane
@@ -38,6 +49,7 @@ parameters:
KeystonePublicApiNetwork: internal_api
ManilaApiNetwork: internal_api
NeutronApiNetwork: internal_api
+ OctaviaApiNetwork: internal_api
HeatApiNetwork: internal_api
HeatApiCfnNetwork: internal_api
HeatApiCloudwatchNetwork: internal_api
@@ -45,6 +57,10 @@ parameters:
NovaPlacementNetwork: internal_api
NovaMetadataNetwork: internal_api
NovaVncProxyNetwork: internal_api
+ NovaLibvirtNetwork: internal_api
+ Ec2ApiNetwork: internal_api
+ Ec2ApiMetadataNetwork: internal_api
+ TackerApiNetwork: internal_api
SwiftStorageNetwork: storage_mgmt
SwiftProxyNetwork: storage
SaharaApiNetwork: internal_api
@@ -61,6 +77,7 @@ parameters:
OvnDbsNetwork: internal_api
MistralApiNetwork: internal_api
ZaqarApiNetwork: internal_api
+ PacemakerRemoteNetwork: internal_api
# We special-case the default ResolveNetwork for the CephStorage role
# for backwards compatibility, all other roles default to internal_api
CephStorageHostnameResolveNetwork: storage
@@ -84,20 +101,62 @@ parameters:
internal use only, this will be removed in future.
type: json
+ InternalApiNetName:
+ default: internal_api
+ description: The name of the internal API network.
+ type: string
+ ExternalNetName:
+ default: external
+ description: The name of the external network.
+ type: string
+ ManagementNetName:
+ default: management
+ description: The name of the management network.
+ type: string
+ StorageNetName:
+ default: storage
+ description: The name of the storage network.
+ type: string
+ StorageMgmtNetName:
+ default: storage_mgmt
+ description: The name of the Storage management network.
+ type: string
+ TenantNetName:
+ default: tenant
+ description: The name of the tenant network.
+ type: string
+
+
parameter_groups:
- label: deprecated
description: Do not use deprecated params, they will be removed.
parameters:
- ServiceNetMapDeprecatedMapping
+resources:
+ ServiceNetMapValue:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ map_merge:
+ - map_replace:
+ - {get_param: ServiceNetMapDefaults}
+ - values:
+ external: {get_param: ExternalNetName}
+ internal_api: {get_param: InternalApiNetName}
+ storage: {get_param: StorageNetName}
+ storage_mgmt: {get_param: StorageMgmtNetName}
+ tenant: {get_param: TenantNetName}
+ management: {get_param: ManagementNetName}
+ - map_replace:
+ - {get_param: ServiceNetMap}
+ - keys: {get_param: ServiceNetMapDeprecatedMapping}
+
+
outputs:
service_net_map:
- value:
- map_merge:
- - {get_param: ServiceNetMapDefaults}
- - map_replace:
- - {get_param: ServiceNetMap}
- - keys: {get_param: ServiceNetMapDeprecatedMapping}
+ value: {get_attr: [ServiceNetMapValue, value]}
service_net_map_lower:
value:
@@ -107,9 +166,4 @@ outputs:
yaql:
expression: dict($.data.map.items().select([ regex(`([a-z0-9])([A-Z])`).replace($[0], '\\1_\\2').toLower(), $[1]]))
data:
- map:
- map_merge:
- - {get_param: ServiceNetMapDefaults}
- - map_replace:
- - {get_param: ServiceNetMap}
- - keys: {get_param: ServiceNetMapDeprecatedMapping}
+ map: {get_attr: [ServiceNetMapValue, value]}
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index e111a1a6..a6b32ddb 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -2,6 +2,7 @@ resource_registry:
OS::TripleO::SoftwareDeployment: OS::Heat::StructuredDeployment
OS::TripleO::PostDeploySteps: puppet/post.yaml
+ OS::TripleO::PostUpgradeSteps: puppet/post.yaml
OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml
OS::TripleO::Hosts::SoftwareConfig: hosts-config.yaml
OS::TripleO::DefaultPasswords: default_passwords.yaml
@@ -110,7 +111,6 @@ resource_registry:
# Upgrade resources
OS::TripleO::UpgradeConfig: puppet/upgrade_config.yaml
- OS::TripleO::UpgradeSteps: OS::Heat::None
# services
OS::TripleO::Services: puppet/services/services.yaml
@@ -119,6 +119,7 @@ resource_registry:
OS::TripleO::Services::CACerts: puppet/services/ca-certs.yaml
OS::TripleO::Services::CephMds: OS::Heat::None
OS::TripleO::Services::CephMon: OS::Heat::None
+ OS::TripleO::Services::CephRbdMirror: OS::Heat::None
OS::TripleO::Services::CephRgw: OS::Heat::None
OS::TripleO::Services::CephOSD: OS::Heat::None
OS::TripleO::Services::CephClient: OS::Heat::None
@@ -128,8 +129,10 @@ resource_registry:
OS::TripleO::Services::CinderScheduler: puppet/services/cinder-scheduler.yaml
OS::TripleO::Services::CinderVolume: puppet/services/cinder-volume.yaml
OS::TripleO::Services::BlockStorageCinderVolume: puppet/services/cinder-volume.yaml
+ OS::TripleO::Services::Congress: OS::Heat::None
OS::TripleO::Services::Keystone: puppet/services/keystone.yaml
OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml
+ OS::TripleO::Services::GlanceRegistry: puppet/services/disabled/glance-registry.yaml
OS::TripleO::Services::HeatApi: puppet/services/heat-api.yaml
OS::TripleO::Services::HeatApiCfn: puppet/services/heat-api-cfn.yaml
OS::TripleO::Services::HeatApiCloudwatch: puppet/services/heat-api-cloudwatch.yaml
@@ -152,13 +155,13 @@ resource_registry:
OS::TripleO::Services::NeutronCorePluginML2OVN: puppet/services/neutron-plugin-ml2-ovn.yaml
OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml
OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml
- OS::TripleO::Services::NeutronCorePluginOpencontrail: puppet/services/neutron-plugin-opencontrail.yaml
OS::TripleO::Services::OVNDBs: OS::Heat::None
OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml
OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
OS::TripleO::Services::Pacemaker: OS::Heat::None
+ OS::TripleO::Services::PacemakerRemote: OS::Heat::None
OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None
OS::TripleO::Services::RabbitMQ: puppet/services/rabbitmq.yaml
OS::TripleO::Services::HAproxy: puppet/services/haproxy.yaml
@@ -168,6 +171,7 @@ resource_registry:
OS::TripleO::Services::Memcached: puppet/services/memcached.yaml
OS::TripleO::Services::SaharaApi: OS::Heat::None
OS::TripleO::Services::SaharaEngine: OS::Heat::None
+ OS::TripleO::Services::Sshd: OS::Heat::None
OS::TripleO::Services::Redis: puppet/services/database/redis.yaml
OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml
OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml
@@ -184,6 +188,7 @@ resource_registry:
OS::TripleO::Services::SwiftStorage: puppet/services/swift-storage.yaml
OS::TripleO::Services::SwiftRingBuilder: puppet/services/swift-ringbuilder.yaml
OS::TripleO::Services::Snmp: puppet/services/snmp.yaml
+ OS::TripleO::Services::Tacker: OS::Heat::None
OS::TripleO::Services::Timezone: puppet/services/time/timezone.yaml
OS::TripleO::Services::CeilometerApi: puppet/services/ceilometer-api.yaml
OS::TripleO::Services::CeilometerCollector: puppet/services/ceilometer-collector.yaml
@@ -198,6 +203,7 @@ resource_registry:
OS::TripleO::Services::GnocchiStatsd: puppet/services/gnocchi-statsd.yaml
# Services that are disabled by default (use relevant environment files):
OS::TripleO::Services::FluentdClient: OS::Heat::None
+ OS::TripleO::Services::Collectd: OS::Heat::None
OS::TripleO::LoggingConfiguration: puppet/services/logging/fluentd-config.yaml
OS::TripleO::Services::ManilaApi: OS::Heat::None
OS::TripleO::Services::ManilaScheduler: OS::Heat::None
@@ -224,15 +230,18 @@ resource_registry:
OS::TripleO::Services::OpenDaylightApi: OS::Heat::None
OS::TripleO::Services::OpenDaylightOvs: OS::Heat::None
OS::TripleO::Services::SensuClient: OS::Heat::None
- OS::TripleO::Services::ContrailAnalytics: puppet/services/network/contrail-analytics.yaml
- OS::TripleO::Services::ContrailConfig: puppet/services/network/contrail-config.yaml
- OS::TripleO::Services::ContrailControl: puppet/services/network/contrail-control.yaml
- OS::TripleO::Services::ContrailDatabase: puppet/services/network/contrail-database.yaml
- OS::TripleO::Services::ContrailWebui: puppet/services/network/contrail-webui.yaml
+ OS::TripleO::Services::TLSProxyBase: OS::Heat::None
OS::TripleO::Services::Zaqar: OS::Heat::None
OS::TripleO::Services::NeutronML2FujitsuCfab: OS::Heat::None
+ OS::TripleO::Services::NeutronML2FujitsuFossw: OS::Heat::None
OS::TripleO::Services::CinderHPELeftHandISCSI: OS::Heat::None
OS::TripleO::Services::Etcd: OS::Heat::None
+ OS::TripleO::Services::Ec2Api: OS::Heat::None
+ OS::TripleO::Services::AuditD: OS::Heat::None
+ OS::TripleO::Services::OctaviaApi: OS::Heat::None
+ OS::TripleO::Services::OctaviaHealthManager: OS::Heat::None
+ OS::TripleO::Services::OctaviaHousekeeping: OS::Heat::None
+ OS::TripleO::Services::OctaviaWorker: OS::Heat::None
parameter_defaults:
EnablePackageInstall: false
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
index f93c19a3..5b2ca4a2 100644
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@@ -598,9 +598,9 @@ resources:
{{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
{% endfor %}
- # Upgrade steps for all roles
- AllNodesUpgradeSteps:
- type: OS::TripleO::UpgradeSteps
+ # Post deployment steps for all roles
+ AllNodesDeploySteps:
+ type: OS::TripleO::PostDeploySteps
depends_on:
{% for role in roles %}
- {{role.name}}AllNodesDeployment
@@ -610,20 +610,7 @@ resources:
{% for role in roles %}
{{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
{% endfor %}
- role_data:
-{% for role in roles %}
- {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]}
-{% endfor %}
-
- # Post deployment steps for all roles
- AllNodesDeploySteps:
- type: OS::TripleO::PostDeploySteps
- depends_on: AllNodesUpgradeSteps
- properties:
- servers:
-{% for role in roles %}
- {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
-{% endfor %}
+ EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
role_data:
{% for role in roles %}
{{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]}
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml
index 9e35af5f..d3268ee2 100644
--- a/puppet/controller-role.yaml
+++ b/puppet/controller-role.yaml
@@ -458,9 +458,7 @@ resources:
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
- - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
- cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
- - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
- neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
- neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
- cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
index cb8d498c..9b900bc4 100644
--- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
+++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
@@ -245,7 +245,9 @@ resources:
for map_name in mappings:
f_name = '/root/' + map_name
map_data = os.getenv(map_name, "Nada")
- with open(f_name, 'a') as f:
+ with os.fdopen(os.open(f_name,
+ os.O_CREAT | os.O_TRUNC | os.O_WRONLY, 0o644),
+ 'w') as f:
f.write(map_data)
if map_data is not "Nada":
if map_name is not 'nexus_config':
@@ -260,7 +262,9 @@ resources:
for mac in vals[1:]:
mac2host[mac.lower()] = vals[0]
- with open('/root/mac2host', 'a') as f:
+ with os.fdopen(os.open('/root/mac2host',
+ os.O_CREAT | os.O_TRUNC | os.O_WRONLY, 0o644),
+ 'w') as f:
f.write(str(mac2host))
# now we have mac to host, map host to switchport in hieradata
diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml
deleted file mode 100644
index 66252f1f..00000000
--- a/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-heat_template_version: ocata
-
-description: Compute node hieradata for Neutron OpenContrail configuration
-
-parameters:
- server:
- description: ID of the compute node to apply this config to
- type: string
- ContrailApiServerIp:
- description: IP address of the OpenContrail API server
- type: string
- ContrailApiServerPort:
- description: Port of the OpenContrail API
- type: string
- default: 8082
-
-resources:
- ComputeContrailConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: os-apply-config
- config:
- hiera:
- datafiles:
- neutron_opencontrail_data:
- mapped_data:
- nova::network::neutron::network_api_class: nova.network.neutronv2.api.API
-
- contrail::vrouter::provision_vrouter::api_address: {get_input: contrail_api_server_ip}
- contrail::vrouter::provision_vrouter::api_port: {get_input: contrail_api_server_port}
- contrail::vrouter::provision_vrouter::keystone_admin_user: admin
- contrail::vrouter::provision_vrouter::keystone_admin_tenant_name: admin
- contrail::vrouter::provision_vrouter::keystone_admin_password: '"%{::admin_password}"'
-
- contrail::vnc_api::vnc_api_config:
- 'auth/AUTHN_TYPE':
- value: keystone
- 'auth/AUTHN_PROTOCOL':
- value: http
- 'auth/AUTHN_SERVER':
- value: "%{hiera('keystone_admin_api_vip')}"
- 'auth/AUTHN_PORT':
- value: 35357
- 'auth/AUTHN_URL':
- value: '/v2.0/tokens'
-
- ComputeContrailDeployment:
- type: OS::Heat::StructuredDeployment
- properties:
- config: {get_resource: ComputeContrailConfig}
- server: {get_param: server}
- input_values:
- contrail_api_server_ip: {get_param: ContrailApiServerIp}
- contrail_api_server_port: {get_param: ContrailApiServerPort}
-
-outputs:
- deploy_stdout:
- description: Output of the extra hiera data deployment
- value: {get_attr: [ComputeContrailDeployment, deploy_stdout]}
diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml
deleted file mode 100644
index 7d639883..00000000
--- a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml
+++ /dev/null
@@ -1,87 +0,0 @@
-heat_template_version: ocata
-
-description: Configure hieradata for Cinder Dell Storage Center configuration
-
-parameters:
- server:
- description: ID of the controller node to apply this config to
- type: string
-
- # Config specific parameters, to be provided via parameter_defaults
- CinderEnableDellScBackend:
- type: boolean
- default: true
- CinderDellScBackendName:
- type: string
- default: 'tripleo_dellsc'
- CinderDellScSanIp:
- type: string
- CinderDellScSanLogin:
- type: string
- default: 'Admin'
- CinderDellScSanPassword:
- type: string
- hidden: true
- CinderDellScSsn:
- type: string
- default: '64702'
- CinderDellScIscsiIpAddress:
- type: string
- default: ''
- CinderDellScIscsiPort:
- type: string
- default: '3260'
- CinderDellScApiPort:
- type: string
- default: '3033'
- CinderDellScServerFolder:
- type: string
- default: 'dellsc_server'
- CinderDellScVolumeFolder:
- type: string
- default: 'dellsc_volume'
-
-resources:
- CinderDellScConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: os-apply-config
- config:
- hiera:
- datafiles:
- cinder_dellsc_data:
- mapped_data:
- tripleo::profile::base::cinder::volume::cinder_enable_dellsc_backend: {get_input: EnableDellScBackend}
- cinder::backend::dellsc_iscsi::volume_backend_name: {get_input: DellScBackendName}
- cinder::backend::dellsc_iscsi::san_ip: {get_input: DellScSanIp}
- cinder::backend::dellsc_iscsi::san_login: {get_input: DellScSanLogin}
- cinder::backend::dellsc_iscsi::san_password: {get_input: DellScSanPassword}
- cinder::backend::dellsc_iscsi::dell_sc_ssn: {get_input: DellScSsn}
- cinder::backend::dellsc_iscsi::iscsi_ip_address: {get_input: DellScIscsiIpAddress}
- cinder::backend::dellsc_iscsi::iscsi_port: {get_input: DellScIscsiPort}
- cinder::backend::dellsc_iscsi::dell_sc_api_port: {get_input: DellScApiPort}
- cinder::backend::dellsc_iscsi::dell_sc_server_folder: {get_input: DellScServerFolder}
- cinder::backend::dellsc_iscsi::dell_sc_volume_folder: {get_input: DellScVolumeFolder}
-
- CinderDellScDeployment:
- type: OS::Heat::StructuredDeployment
- properties:
- config: {get_resource: CinderDellScConfig}
- server: {get_param: server}
- input_values:
- EnableDellScBackend: {get_param: CinderEnableDellScBackend}
- DellScBackendName: {get_param: CinderDellScBackendName}
- DellScSanIp: {get_param: CinderDellScSanIp}
- DellScSanLogin: {get_param: CinderDellScSanLogin}
- DellScSanPassword: {get_param: CinderDellScSanPassword}
- DellScSsn: {get_param: CinderDellScSsn}
- DellScIscsiIpAddress: {get_param: CinderDellScIscsiIpAddress}
- DellScIscsiPort: {get_param: CinderDellScIscsiPort}
- DellScApiPort: {get_param: CinderDellScApiPort}
- DellScServerFolder: {get_param: CinderDellScServerFolder}
- DellScVolumeFolder: {get_param: CinderDellScVolumeFolder}
-
-outputs:
- deploy_stdout:
- description: Deployment reference, used to trigger puppet apply on changes
- value: {get_attr: [CinderDellScDeployment, deploy_stdout]}
diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml
deleted file mode 100644
index 30509044..00000000
--- a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml
+++ /dev/null
@@ -1,86 +0,0 @@
-heat_template_version: ocata
-
-description: Configure hieradata for Cinder Eqlx configuration
-
-parameters:
- server:
- description: ID of the controller node to apply this config to
- type: string
-
- # Config specific parameters, to be provided via parameter_defaults
- CinderEnableEqlxBackend:
- type: boolean
- default: true
- CinderEqlxBackendName:
- type: string
- default: 'tripleo_eqlx'
- CinderEqlxSanIp:
- type: string
- CinderEqlxSanLogin:
- type: string
- CinderEqlxSanPassword:
- type: string
- hidden: true
- CinderEqlxSanThinProvision:
- type: boolean
- default: true
- CinderEqlxGroupname:
- type: string
- default: 'group-0'
- CinderEqlxPool:
- type: string
- default: 'default'
- CinderEqlxChapLogin:
- type: string
- default: ''
- CinderEqlxChapPassword:
- type: string
- default: ''
- CinderEqlxUseChap:
- type: boolean
- default: false
-
-resources:
- CinderEqlxConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: os-apply-config
- config:
- hiera:
- datafiles:
- cinder_eqlx_data:
- mapped_data:
- tripleo::profile::base::cinder::volume::cinder_enable_eqlx_backend: {get_input: EnableEqlxBackend}
- cinder::backend::eqlx::volume_backend_name: {get_input: EqlxBackendName}
- cinder::backend::eqlx::san_ip: {get_input: EqlxSanIp}
- cinder::backend::eqlx::san_login: {get_input: EqlxSanLogin}
- cinder::backend::eqlx::san_password: {get_input: EqlxSanPassword}
- cinder::backend::eqlx::san_thin_provision: {get_input: EqlxSanThinProvision}
- cinder::backend::eqlx::eqlx_group_name: {get_input: EqlxGroupname}
- cinder::backend::eqlx::eqlx_pool: {get_input: EqlxPool}
- cinder::backend::eqlx::eqlx_use_chap: {get_input: EqlxUseChap}
- cinder::backend::eqlx::eqlx_chap_login: {get_input: EqlxChapLogin}
- cinder::backend::eqlx::eqlx_chap_password: {get_input: EqlxChapPassword}
-
- CinderEqlxDeployment:
- type: OS::Heat::StructuredDeployment
- properties:
- config: {get_resource: CinderEqlxConfig}
- server: {get_param: server}
- input_values:
- EnableEqlxBackend: {get_param: CinderEnableEqlxBackend}
- EqlxBackendName: {get_param: CinderEqlxBackendName}
- EqlxSanIp: {get_param: CinderEqlxSanIp}
- EqlxSanLogin: {get_param: CinderEqlxSanLogin}
- EqlxSanPassword: {get_param: CinderEqlxSanPassword}
- EqlxSanThinProvision: {get_param: CinderEqlxSanThinProvision}
- EqlxGroupname: {get_param: CinderEqlxGroupname}
- EqlxPool: {get_param: CinderEqlxPool}
- EqlxUseChap: {get_param: CinderEqlxUseChap}
- EqlxChapLogin: {get_param: CinderEqlxChapLogin}
- EqlxChapPassword: {get_param: CinderEqlxChapPassword}
-
-outputs:
- deploy_stdout:
- description: Deployment reference, used to trigger puppet apply on changes
- value: {get_attr: [CinderEqlxDeployment, deploy_stdout]}
diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml
index 9430a704..3362a01f 100644
--- a/puppet/major_upgrade_steps.j2.yaml
+++ b/puppet/major_upgrade_steps.j2.yaml
@@ -1,3 +1,7 @@
+{% set enabled_roles = roles|rejectattr('disable_upgrade_deployment')|list -%}
+{% set batch_upgrade_steps_max = 3 -%}
+{% set upgrade_steps_max = 6 -%}
+{% set deliver_script = {'deliver': False} -%}
heat_template_version: ocata
description: 'Upgrade steps for all roles'
@@ -14,38 +18,192 @@ parameters:
description: >
Setting to a previously unused value during stack-update will trigger
the Upgrade resources to re-run on all roles.
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ NovaPassword:
+ description: The password for the nova service and db account, used by nova-api.
+ type: string
+ hidden: true
+
+conditions:
+ # Conditions to disable any steps where the task list is empty
+{%- for role in roles %}
+ {{role.name}}UpgradeBatchConfigEnabled:
+ not:
+ equals:
+ - {get_param: [role_data, {{role.name}}, upgrade_batch_tasks]}
+ - []
+ {{role.name}}UpgradeConfigEnabled:
+ not:
+ equals:
+ - {get_param: [role_data, {{role.name}}, upgrade_tasks]}
+ - []
+{%- endfor %}
resources:
+{% for role in roles if role.disable_upgrade_deployment|default(false) %}
+ {{role.name}}DeliverUpgradeScriptConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ list_join:
+ - ''
+ - - "#!/bin/bash\n\n"
+ - "set -eu\n\n"
+ - "if hiera -c /etc/puppet/hiera.yaml service_names | grep nova_compute ; then\n\n"
+ - " crudini --set /etc/nova/nova.conf placement auth_type password\n\n"
+ - " crudini --set /etc/nova/nova.conf placement username placement\n\n"
+ - " crudini --set /etc/nova/nova.conf placement project_domain_name Default\n\n"
+ - " crudini --set /etc/nova/nova.conf placement user_domain_name Default\n\n"
+ - " crudini --set /etc/nova/nova.conf placement project_name service\n\n"
+ - " systemctl restart openstack-nova-compute\n\n"
+ - "fi\n\n"
+ - str_replace:
+ template: |
+ crudini --set /etc/nova/nova.conf placement password 'SERVICE_PASSWORD'
+ crudini --set /etc/nova/nova.conf placement region_name 'REGION_NAME'
+ crudini --set /etc/nova/nova.conf placement auth_url 'AUTH_URL'
+ ROLE='ROLE_NAME'
+ params:
+ SERVICE_PASSWORD: { get_param: NovaPassword }
+ REGION_NAME: { get_param: KeystoneRegion }
+ AUTH_URL: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ ROLE_NAME: {{role.name}}
+ - get_file: ../extraconfig/tasks/pacemaker_common_functions.sh
+ - get_file: ../extraconfig/tasks/tripleo_upgrade_node.sh
+
+ {{role.name}}DeliverUpgradeScriptDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}DeliverUpgradeScriptConfig}
+{% endfor %}
+
+# Upgrade Steps for all roles, batched updates
+# The UpgradeConfig resources could actually be created without
+# serialization, but the event output is easier to follow if we
+# do, and there should be minimal performance hit (creating the
+# config is cheap compared to the time to apply the deployment).
+{% for step in range(0, batch_upgrade_steps_max) %}
+ # Batch config resources step {{step}}
+ {%- for role in roles %}
+ {{role.name}}UpgradeBatchConfig_Step{{step}}:
+ type: OS::TripleO::UpgradeConfig
+ {%- if step > 0 %}
+ condition: {{role.name}}UpgradeBatchConfigEnabled
+ {% if role.name in enabled_roles %}
+ depends_on:
+ - {{role.name}}UpgradeBatch_Step{{step -1}}
+ {%- endif %}
+ {% else %}
+ {% for role in roles if role.disable_upgrade_deployment|default(false) %}
+ {% if deliver_script.update({'deliver': True}) %} {% endif %}
+ {% endfor %}
+ {% if deliver_script.deliver %}
+ depends_on:
+ {% endif %}
+ {% for dep in roles if dep.disable_upgrade_deployment|default(false) %}
+ - {{dep.name}}DeliverUpgradeScriptDeployment
+ {% endfor %}
+ {% endif %}
+ properties:
+ UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_batch_tasks]}
+ step: {{step}}
+ {%- endfor %}
+
+ # Batch deployment resources for step {{step}} (only for enabled roles)
+ {%- for role in enabled_roles %}
+ {{role.name}}UpgradeBatch_Step{{step}}:
+ type: OS::Heat::SoftwareDeploymentGroup
+ condition: {{role.name}}UpgradeBatchConfigEnabled
+ {%- if step > 0 %}
+ depends_on:
+ - {{role.name}}UpgradeBatch_Step{{step -1}}
+ {% else %}
+ depends_on:
+ - {{role.name}}UpgradeBatchConfig_Step{{step}}
+ {%- endif %}
+ update_policy:
+ batch_create:
+ max_batch_size: {{role.upgrade_batch_size|default(1)}}
+ rolling_update:
+ max_batch_size: {{role.upgrade_batch_size|default(1)}}
+ properties:
+ name: {{role.name}}UpgradeBatch_Step{{step}}
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}UpgradeBatchConfig_Step{{step}}}
+ input_values:
+ role: {{role.name}}
+ update_identifier: {get_param: UpdateIdentifier}
+ {%- endfor %}
+{%- endfor %}
+
+# Dump the puppet manifests to be apply later when disable_upgrade_deployment
+# is to true
+{% for role in roles if role.disable_upgrade_deployment|default(false) %}
+ {{role.name}}DeliverPuppetConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ list_join:
+ - ''
+ - - str_replace:
+ template: |
+ #!/bin/bash
+ cat > /root/{{role.name}}_puppet_config.pp << ENDOFCAT
+ PUPPET_CLASSES
+ ENDOFCAT
+ params:
+ PUPPET_CLASSES: {get_param: [role_data, {{role.name}}, step_config]}
+
+ {{role.name}}DeliverPuppetDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}DeliverPuppetConfig}
+{% endfor %}
+
# Upgrade Steps for all roles
-# FIXME(shardy): would be nice to make the number of steps configurable
-{% for step in range(0, 8) %}
- {% for role in roles %}
- # Step {{step}} resources
+{%- for step in range(0, upgrade_steps_max) %}
+ # Config resources for step {{step}}
+ {%- for role in roles %}
{{role.name}}UpgradeConfig_Step{{step}}:
type: OS::TripleO::UpgradeConfig
# The UpgradeConfig resources could actually be created without
# serialization, but the event output is easier to follow if we
# do, and there should be minimal performance hit (creating the
# config is cheap compared to the time to apply the deployment).
- {% if step > 0 %}
+ {%- if step > 0 %}
+ condition: {{role.name}}UpgradeConfigEnabled
+ {% if role.name in enabled_roles %}
depends_on:
- {% for dep in roles %}
- - {{dep.name}}Upgrade_Step{{step -1}}
- {% endfor %}
- {% endif %}
+ - {{role.name}}Upgrade_Step{{step -1}}
+ {% endif %}
+ {%- endif %}
properties:
UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_tasks]}
step: {{step}}
+ {%- endfor %}
+ # Deployment resources for step {{step}} (only for enabled roles)
+ {%- for role in enabled_roles %}
{{role.name}}Upgrade_Step{{step}}:
- type: OS::Heat::StructuredDeploymentGroup
- {% if step > 0 %}
+ type: OS::Heat::SoftwareDeploymentGroup
+ {%- if step > 0 %}
+ condition: {{role.name}}UpgradeConfigEnabled
depends_on:
- {% for dep in roles %}
- - {{dep.name}}Upgrade_Step{{step -1}}
- {% endfor %}
- {% endif %}
+ - {{role.name}}Upgrade_Step{{step -1}}
+ {%- endif %}
properties:
name: {{role.name}}Upgrade_Step{{step}}
servers: {get_param: [servers, {{role.name}}]}
@@ -53,8 +211,21 @@ resources:
input_values:
role: {{role.name}}
update_identifier: {get_param: UpdateIdentifier}
- {% endfor %}
-{% endfor %}
+ {%- endfor %}
+{%- endfor %}
+
+ # Post upgrade deployment steps for all roles
+ # This runs the normal configuration (e.g puppet) steps unless upgrade
+ # is disabled for the role
+ AllNodesPostUpgradeSteps:
+ type: OS::TripleO::PostUpgradeSteps
+ depends_on:
+{%- for dep in enabled_roles %}
+ - {{dep.name}}Upgrade_Step{{upgrade_steps_max - 1}}
+{%- endfor %}
+ properties:
+ servers: {get_param: servers}
+ role_data: {get_param: role_data}
outputs:
# Output the config for each role, just use Step1 as the config should be
@@ -65,4 +236,3 @@ outputs:
{% for role in roles %}
{{role.name.lower()}}: {get_attr: [{{role.name}}UpgradeConfig_Step1, upgrade_config]}
{% endfor %}
-
diff --git a/puppet/post-upgrade.j2.yaml b/puppet/post-upgrade.j2.yaml
new file mode 100644
index 00000000..b84039de
--- /dev/null
+++ b/puppet/post-upgrade.j2.yaml
@@ -0,0 +1,27 @@
+heat_template_version: ocata
+
+description: >
+ Post-upgrade configuration steps via puppet for all roles
+ where upgrade is not disabled as defined in ../roles_data.yaml
+
+parameters:
+ servers:
+ type: json
+ description: Mapping of Role name e.g Controller to a list of servers
+
+ role_data:
+ type: json
+ description: Mapping of Role name e.g Controller to the per-role data
+
+ DeployIdentifier:
+ default: ''
+ type: string
+ description: >
+ Setting this to a unique value will re-run any deployment tasks which
+ perform configuration on a Heat stack-update.
+
+resources:
+# Note the include here is the same as post.j2.yaml but the data used at
+# the time of rendering is different if any roles disable upgrades
+{% set roles = roles|rejectattr('disable_upgrade_deployment')|list -%}
+{% include 'puppet-steps.j2' %}
diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml
index 2a02ea19..21202775 100644
--- a/puppet/post.j2.yaml
+++ b/puppet/post.j2.yaml
@@ -12,7 +12,11 @@ parameters:
role_data:
type: json
description: Mapping of Role name e.g Controller to the per-role data
-
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
DeployIdentifier:
default: ''
type: string
@@ -21,97 +25,4 @@ parameters:
perform configuration on a Heat stack-update.
resources:
-
-{% for role in roles %}
- # Post deployment steps for all roles
- # A single config is re-applied with an incrementing step number
- # {{role.name}} Role steps
- {{role.name}}ArtifactsConfig:
- type: deploy-artifacts.yaml
-
- {{role.name}}ArtifactsDeploy:
- type: OS::Heat::StructuredDeployments
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}ArtifactsConfig}
-
- {{role.name}}PreConfig:
- type: OS::TripleO::Tasks::{{role.name}}PreConfig
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
-
- {{role.name}}Config:
- type: OS::TripleO::{{role.name}}Config
- properties:
- StepConfig: {get_param: [role_data, {{role.name}}, step_config]}
-
- {% if role.name == 'Controller' %}
- ControllerPrePuppet:
- type: OS::TripleO::Tasks::ControllerPrePuppet
- properties:
- servers: {get_param: [servers, Controller]}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
- {% endif %}
-
- # Step through a series of configuration steps
-{% for step in range(1, 6) %}
- {% for role in roles %}
-
- {{role.name}}Deployment_Step{{step}}:
- type: OS::Heat::StructuredDeploymentGroup
- {% if step == 1 %}
- depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy]
- {% else %}
- depends_on:
- {% for dep in roles %}
- - {{dep.name}}Deployment_Step{{step -1}}
- {% endfor %}
- {% endif %}
- properties:
- name: {{role.name}}Deployment_Step{{step}}
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}Config}
- input_values:
- step: {{step}}
- update_identifier: {get_param: DeployIdentifier}
-
- {% endfor %}
-{% endfor %}
-
- {{role.name}}PostConfig:
- type: OS::TripleO::Tasks::{{role.name}}PostConfig
- depends_on:
- {% for dep in roles %}
- - {{dep.name}}Deployment_Step5
- {% endfor %}
- properties:
- servers: {get_param: servers}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
-
- # Note, this should come last, so use depends_on to ensure
- # this is created after any other resources.
- {{role.name}}ExtraConfigPost:
- depends_on:
- {% for dep in roles %}
- - {{dep.name}}PostConfig
- {% endfor %}
- type: OS::TripleO::NodeExtraConfigPost
- properties:
- servers: {get_param: [servers, {{role.name}}]}
-
- {% if role.name == 'Controller' %}
- ControllerPostPuppet:
- depends_on:
- - ControllerExtraConfigPost
- type: OS::TripleO::Tasks::ControllerPostPuppet
- properties:
- servers: {get_param: [servers, Controller]}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
- {% endif %}
-
-{% endfor %}
+{% include 'puppet-steps.j2' %}
diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2
new file mode 100644
index 00000000..c3b54ccd
--- /dev/null
+++ b/puppet/puppet-steps.j2
@@ -0,0 +1,88 @@
+ # Post deployment steps for all roles
+ # A single config is re-applied with an incrementing step number
+{% for role in roles %}
+ # {{role.name}} Role post-deploy steps
+ {{role.name}}ArtifactsConfig:
+ type: deploy-artifacts.yaml
+
+ {{role.name}}ArtifactsDeploy:
+ type: OS::Heat::StructuredDeployments
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}ArtifactsConfig}
+
+ {{role.name}}PreConfig:
+ type: OS::TripleO::Tasks::{{role.name}}PreConfig
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
+ {{role.name}}Config:
+ type: OS::TripleO::{{role.name}}Config
+ properties:
+ StepConfig: {get_param: [role_data, {{role.name}}, step_config]}
+
+ {% if role.name == 'Controller' %}
+ ControllerPrePuppet:
+ type: OS::TripleO::Tasks::ControllerPrePuppet
+ properties:
+ servers: {get_param: [servers, Controller]}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+ {% endif %}
+
+ # Step through a series of configuration steps
+{% for step in range(1, 6) %}
+ {{role.name}}Deployment_Step{{step}}:
+ type: OS::Heat::StructuredDeploymentGroup
+ {% if step == 1 %}
+ depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy]
+ {% else %}
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}Deployment_Step{{step -1}}
+ {% endfor %}
+ {% endif %}
+ properties:
+ name: {{role.name}}Deployment_Step{{step}}
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}Config}
+ input_values:
+ step: {{step}}
+ update_identifier: {get_param: DeployIdentifier}
+{% endfor %}
+
+ {{role.name}}PostConfig:
+ type: OS::TripleO::Tasks::{{role.name}}PostConfig
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}Deployment_Step5
+ {% endfor %}
+ properties:
+ servers: {get_param: servers}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
+ # Note, this should come last, so use depends_on to ensure
+ # this is created after any other resources.
+ {{role.name}}ExtraConfigPost:
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}PostConfig
+ {% endfor %}
+ type: OS::TripleO::NodeExtraConfigPost
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+
+ {% if role.name == 'Controller' %}
+ ControllerPostPuppet:
+ depends_on:
+ - ControllerExtraConfigPost
+ type: OS::TripleO::Tasks::ControllerPostPuppet
+ properties:
+ servers: {get_param: [servers, Controller]}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+ {% endif %}
+{% endfor %}
diff --git a/puppet/services/README.rst b/puppet/services/README.rst
index 6e4e9c1d..9c2d8c5c 100644
--- a/puppet/services/README.rst
+++ b/puppet/services/README.rst
@@ -49,6 +49,32 @@ are re-asserted when applying latter ones.
5) Service activation (Pacemaker)
+Batch Upgrade Steps
+-------------------
+
+Each service template may optionally define a `upgrade_batch_tasks` key, which
+is a list of ansible tasks to be performed during the upgrade process.
+
+Similar to the step_config, we allow a series of steps for the per-service
+upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first
+step, "step2" for the second, etc (currently only two steps are supported, but
+more may be added when required as additional services get converted to batched
+upgrades).
+
+Note that each step is performed in batches, then we move on to the next step
+which is also performed in batches (we don't perform all steps on one node,
+then move on to the next one which means you can sequence rolling upgrades of
+dependent services via the step value).
+
+The tasks performed at each step is service specific, but note that all batch
+upgrade steps are performed before the `upgrade_tasks` described below. This
+means that all services that support rolling upgrades can be upgraded without
+downtime during `upgrade_batch_tasks`, then any remaining services are stopped
+and upgraded during `upgrade_tasks`
+
+The default batch size is 1, but this can be overridden for each role via the
+`upgrade_batch_size` option in roles_data.yaml
+
Upgrade Steps
-------------
@@ -71,9 +97,9 @@ step, "step2" for the second, etc.
5) Perform any migration tasks, e.g DB sync commands
- 6) Start control-plane services
-
- 7) Any additional online migration tasks (e.g data migrations)
+Note that the services are not started in the upgrade tasks - we instead re-run
+puppet which does any reconfiguration required for the new version, then starts
+the services.
Nova Server Metadata Settings
-----------------------------
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml
index 4e735b45..4bd9fc47 100644
--- a/puppet/services/aodh-api.yaml
+++ b/puppet/services/aodh-api.yaml
@@ -83,3 +83,9 @@ outputs:
get_attr: [AodhBase, role_data, service_config_settings]
step_config: |
include tripleo::profile::base::aodh::api
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
+ upgrade_tasks:
+ - name: Stop aodh_api service (running under httpd)
+ tags: step2
+ service: name=httpd state=stopped
diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml
index 8648a971..f5ca329e 100644
--- a/puppet/services/aodh-base.yaml
+++ b/puppet/services/aodh-base.yaml
@@ -80,7 +80,7 @@ outputs:
aodh::keystone::authtoken::project_name: 'service'
aodh::keystone::authtoken::password: {get_param: AodhPassword}
aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
aodh::auth::auth_password: {get_param: AodhPassword}
aodh::auth::auth_region: 'regionOne'
aodh::auth::auth_tenant_name: 'service'
diff --git a/puppet/services/aodh-evaluator.yaml b/puppet/services/aodh-evaluator.yaml
index 61f8c23f..56dbb558 100644
--- a/puppet/services/aodh-evaluator.yaml
+++ b/puppet/services/aodh-evaluator.yaml
@@ -40,3 +40,10 @@ outputs:
get_attr: [AodhBase, role_data, config_settings]
step_config: |
include tripleo::profile::base::aodh::evaluator
+ upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service openstack-aodh-evaluator is running"
+ shell: /usr/bin/systemctl show 'openstack-aodh-evaluator' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
+ - name: Stop aodh_evaluator service
+ tags: step2
+ service: name=openstack-aodh-evaluator state=stopped
diff --git a/puppet/services/aodh-listener.yaml b/puppet/services/aodh-listener.yaml
index 715165b3..76db0ca8 100644
--- a/puppet/services/aodh-listener.yaml
+++ b/puppet/services/aodh-listener.yaml
@@ -40,3 +40,10 @@ outputs:
get_attr: [AodhBase, role_data, config_settings]
step_config: |
include tripleo::profile::base::aodh::listener
+ upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service openstack-aodh-listener is running"
+ shell: /usr/bin/systemctl show 'openstack-aodh-listener' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
+ - name: Stop aodh_listener service
+ tags: step2
+ service: name=openstack-aodh-listener state=stopped
diff --git a/puppet/services/aodh-notifier.yaml b/puppet/services/aodh-notifier.yaml
index da85581b..30c67635 100644
--- a/puppet/services/aodh-notifier.yaml
+++ b/puppet/services/aodh-notifier.yaml
@@ -40,3 +40,10 @@ outputs:
get_attr: [AodhBase, role_data, config_settings]
step_config: |
include tripleo::profile::base::aodh::notifier
+ upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service openstack-aodh-notifier is running"
+ shell: /usr/bin/systemctl show 'openstack-aodh-notifier' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
+ - name: Stop aodh_notifier service
+ tags: step2
+ service: name=openstack-aodh-notifier state=stopped
diff --git a/puppet/services/apache-internal-tls-certmonger.yaml b/puppet/services/apache-internal-tls-certmonger.yaml
index 07ec1b3c..4c21e02a 100644
--- a/puppet/services/apache-internal-tls-certmonger.yaml
+++ b/puppet/services/apache-internal-tls-certmonger.yaml
@@ -21,6 +21,22 @@ parameters:
via parameter_defaults in the resource registry.
type: json
+resources:
+
+ ApacheNetworks:
+ type: OS::Heat::Value
+ properties:
+ value:
+ # NOTE(jaosorior) Get unique network names to create
+ # certificates for those. We skip the tenant network since
+ # we don't need a certificate for that, and the external
+ # network will be handled in another template.
+ yaql:
+ expression: list($.data.map.items().map($1[1])).distinct().where($ != external and $ != tenant)
+ data:
+ map:
+ get_param: ServiceNetMap
+
outputs:
role_data:
description: Role data for the Apache role.
@@ -38,13 +54,16 @@ outputs:
hostname: "%{hiera('fqdn_NETWORK')}"
principal: "HTTP/%{hiera('fqdn_NETWORK')}"
for_each:
- NETWORK:
- # NOTE(jaosorior) Get unique network names to create
- # certificates for those. We skip the tenant network since
- # we don't need a certificate for that, and the external
- # network will be handled in another template.
- yaql:
- expression: list($.data.map.items().map($1[1])).distinct().where($ != external and $ != tenant)
- data:
- map:
- get_param: ServiceNetMap
+ NETWORK: {get_attr: [ApacheNetworks, value]}
+ metadata_settings:
+ repeat:
+ template:
+ - service: HTTP
+ network: $NETWORK
+ type: node
+ for_each:
+ $NETWORK: {get_attr: [ApacheNetworks, value]}
+ upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service httpd is running"
+ shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml
index 2e95dcb0..74ddbde8 100644
--- a/puppet/services/apache.yaml
+++ b/puppet/services/apache.yaml
@@ -64,3 +64,9 @@ outputs:
apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
apache::mod::remoteip::proxy_ips:
- "%{hiera('apache_remote_proxy_ips_network')}"
+ metadata_settings:
+ get_attr: [ApacheTLS, role_data, metadata_settings]
+ upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service httpd is running"
+ shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
diff --git a/puppet/services/auditd.yaml b/puppet/services/auditd.yaml
new file mode 100644
index 00000000..639631e1
--- /dev/null
+++ b/puppet/services/auditd.yaml
@@ -0,0 +1,34 @@
+heat_template_version: ocata
+
+description: >
+ AuditD configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ AuditdRules:
+ description: Mapping of auditd rules
+ type: json
+ default: {}
+
+outputs:
+ role_data:
+ description: Role data for the auditd service
+ value:
+ service_name: auditd
+ config_settings:
+ auditd::rules: {get_param: AuditdRules}
+ step_config: |
+ include ::tripleo::profile::base::auditd
diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml
index 000a744c..239b6ca9 100644
--- a/puppet/services/barbican-api.yaml
+++ b/puppet/services/barbican-api.yaml
@@ -75,7 +75,7 @@ outputs:
- get_attr: [ApacheServiceBase, role_data, config_settings]
- barbican::keystone::authtoken::password: {get_param: BarbicanPassword}
barbican::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
barbican::keystone::authtoken::project_name: 'service'
barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]}
barbican::api::db_auto_create: false
@@ -136,11 +136,17 @@ outputs:
nova::compute::barbican_endpoint:
get_param: [EndpointMap, BarbicanInternal, uri]
nova::compute::barbican_auth_endpoint:
- get_param: [EndpointMap, KeystoneV3Internal, uri]
+ get_param: [EndpointMap, KeystoneV3Internal, uri_no_suffix]
cinder_api:
cinder::api::keymgr_api_class: >
castellan.key_manager.barbican_key_manager.BarbicanKeyManager
cinder::api::keymgr_encryption_api_url:
get_param: [EndpointMap, BarbicanInternal, uri]
cinder::api::keymgr_encryption_auth_url:
- get_param: [EndpointMap, KeystoneV3Internal, uri]
+ get_param: [EndpointMap, KeystoneV3Internal, uri_no_suffix]
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
+ upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running"
+ shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml
index b9d8966c..cf8a8a8e 100644
--- a/puppet/services/ceilometer-agent-central.yaml
+++ b/puppet/services/ceilometer-agent-central.yaml
@@ -54,3 +54,10 @@ outputs:
- ceilometer_redis_password: {get_param: RedisPassword}
step_config: |
include ::tripleo::profile::base::ceilometer::agent::central
+ upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-central is running"
+ shell: /usr/bin/systemctl show 'openstack-ceilometer-central' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
+ - name: Stop ceilometer_agent_central service
+ tags: step2
+ service: name=openstack-ceilometer-central state=stopped
diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml
index b1d36c94..00042914 100644
--- a/puppet/services/ceilometer-agent-compute.yaml
+++ b/puppet/services/ceilometer-agent-compute.yaml
@@ -21,6 +21,12 @@ parameters:
MonitoringSubscriptionCeilometerCompute:
default: 'overcloud-ceilometer-agent-compute'
type: string
+ InstanceDiscoveryMethod:
+ default: 'libvirt_metadata'
+ description: Method used to discover instances running on compute node
+ type: string
+ constraints:
+ - allowed_values: ['naive', 'libvirt_metadata', 'workload_partitioning']
resources:
CeilometerServiceBase:
@@ -37,6 +43,15 @@ outputs:
service_name: ceilometer_agent_compute
monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCompute}
config_settings:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
+ map_merge:
+ - get_attr: [CeilometerServiceBase, role_data, config_settings]
+ - ceilometer::agent::compute::instance_discovery_method: {get_param: InstanceDiscoveryMethod}
step_config: |
include ::tripleo::profile::base::ceilometer::agent::compute
+ upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-compute is running"
+ shell: /usr/bin/systemctl show 'openstack-ceilometer-compute' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
+ - name: Stop ceilometer_agent_compute service
+ tags: step2
+ service: name=openstack-ceilometer-compute state=stopped
diff --git a/puppet/services/ceilometer-agent-notification.yaml b/puppet/services/ceilometer-agent-notification.yaml
index 9c9a3bd9..760acd65 100644
--- a/puppet/services/ceilometer-agent-notification.yaml
+++ b/puppet/services/ceilometer-agent-notification.yaml
@@ -49,3 +49,10 @@ outputs:
get_attr: [CeilometerServiceBase, role_data, config_settings]
step_config: |
include ::tripleo::profile::base::ceilometer::agent::notification
+ upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-notification is running"
+ shell: /usr/bin/systemctl show 'openstack-ceilometer-notification' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
+ - name: Stop ceilometer_agent_notification service
+ tags: step2
+ service: name=openstack-ceilometer-notification state=stopped
diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml
index 63e02d4f..741f8da1 100644
--- a/puppet/services/ceilometer-api.yaml
+++ b/puppet/services/ceilometer-api.yaml
@@ -90,3 +90,9 @@ outputs:
get_attr: [CeilometerServiceBase, role_data, service_config_settings]
step_config: |
include ::tripleo::profile::base::ceilometer::api
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
+ upgrade_tasks:
+ - name: Stop ceilometer_api service (running under httpd)
+ tags: step2
+ service: name=httpd state=stopped
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index a86a0cdf..5658e416 100644
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -96,13 +96,12 @@ outputs:
- '?bind_address='
- "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
ceilometer_backend: {get_param: CeilometerBackend}
- ceilometer::metering_secret: {get_param: CeilometerMeteringSecret}
# we include db_sync class in puppet-tripleo
ceilometer::db::sync_db: false
ceilometer::keystone::authtoken::project_name: 'service'
ceilometer::keystone::authtoken::password: {get_param: CeilometerPassword}
ceilometer::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword}
ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ceilometer::agent::notification::event_pipeline_publishers: {get_param: EventPipelinePublishers}
diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml
index 88e7d781..a219f9eb 100644
--- a/puppet/services/ceilometer-collector.yaml
+++ b/puppet/services/ceilometer-collector.yaml
@@ -59,3 +59,10 @@ outputs:
get_attr: [CeilometerServiceBase, role_data, service_config_settings]
step_config: |
include ::tripleo::profile::base::ceilometer::collector
+ upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-collector is running"
+ shell: /usr/bin/systemctl show 'openstack-ceilometer-collector' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
+ - name: Stop ceilometer_collector service
+ tags: step2
+ service: name=openstack-ceilometer-collector state=stopped
diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml
index aaa9b039..134f47c4 100644
--- a/puppet/services/ceph-external.yaml
+++ b/puppet/services/ceph-external.yaml
@@ -89,23 +89,23 @@ outputs:
ceph::profile::params::fsid: {get_param: CephClusterFSID}
ceph::profile::params::rbd_default_features: {get_param: RbdDefaultFeatures}
ceph::profile::params::client_keys:
- str_replace:
- template: "{
- client.CLIENT_USER: {
- secret: 'CLIENT_KEY',
- mode: '0644',
- cap_mon: 'allow r',
- cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
- }
- }"
- params:
- CLIENT_USER: {get_param: CephClientUserName}
- CLIENT_KEY: {get_param: CephClientKey}
- NOVA_POOL: {get_param: NovaRbdPoolName}
- CINDER_POOL: {get_param: CinderRbdPoolName}
- CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
- GLANCE_POOL: {get_param: GlanceRbdPoolName}
- GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
+ map_replace:
+ - CEPH_CLIENT_KEY:
+ secret: {get_param: CephClientKey}
+ mode: '0644'
+ cap_mon: 'allow r'
+ cap_osd:
+ str_replace:
+ template: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
+ params:
+ NOVA_POOL: {get_param: NovaRbdPoolName}
+ CINDER_POOL: {get_param: CinderRbdPoolName}
+ CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
+ GLANCE_POOL: {get_param: GlanceRbdPoolName}
+ GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
+ - keys:
+ CEPH_CLIENT_KEY:
+ list_join: ['.', ['client', {get_param: CephClientUserName}]]
ceph::profile::params::manage_repo: false
# FIXME(gfidente): we should not have to list the packages explicitly in
# the templates, but this should stay until the following is fixed:
diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml
index 68ad69b7..1ce58335 100644
--- a/puppet/services/ceph-mon.yaml
+++ b/puppet/services/ceph-mon.yaml
@@ -113,3 +113,27 @@ outputs:
get_attr: [CephBase, role_data, service_config_settings]
step_config: |
include ::tripleo::profile::base::ceph::mon
+ upgrade_batch_tasks:
+ # Note we perform these tasks in list order, but they are all step0 so
+ # we can perform a rolling upgrade of all mon nodes in step0, then a
+ # rolling upgrade of all osd nodes in step1
+ - name: Check status
+ tags: step0,validation
+ shell: ceph health | grep -qv HEALTH_ERR
+ # FIXME(shardy) I suspect we can use heat or ansible facts here instead?
+ - name: Get hostname
+ tags: step0
+ shell: hostname -s
+ register: mon_id
+ - name: Stop Ceph Mon
+ tags: step0
+ service: name=ceph-mon@{{mon_id.stdout}} pattern=ceph-mon state=stopped
+ - name: Update ceph packages
+ tags: step0
+ yum: name=ceph-mon state=latest
+ - name: Start ceph-mon service
+ tags: step0
+ service: name=ceph-mon@{{mon_id.stdout}} state=started
+ - name: ceph osd crush tunables default
+ tags: step0
+ shell: ceph osd crush tunables default
diff --git a/puppet/services/ceph-osd.yaml b/puppet/services/ceph-osd.yaml
index df0ee6c3..9bd83aab 100644
--- a/puppet/services/ceph-osd.yaml
+++ b/puppet/services/ceph-osd.yaml
@@ -45,3 +45,47 @@ outputs:
- '6800-7300'
step_config: |
include ::tripleo::profile::base::ceph::osd
+ upgrade_batch_tasks:
+ - name: Check status
+ tags: step1,validation
+ shell: ceph health | grep -qv HEALTH_ERR
+ - name: Get OSD IDs
+ tags: step1
+ shell: ls /var/lib/ceph/osd | awk 'BEGIN { FS = "-" } ; { print $2 }'
+ register: osd_ids
+ # "so that mirrors aren't rebalanced as if the OSD died" - gfidente / leseb
+ - name: ceph osd set noout
+ tags: step1
+ command: ceph osd set noout
+ - name: ceph osd set norebalance
+ tags: step1
+ command: ceph osd set norebalance
+ - name: ceph osd set nodeep-scrub
+ tags: step1
+ command: ceph osd set nodeep-scrub
+ - name: ceph osd set noscrub
+ tags: step1
+ command: ceph osd set noscrub
+ - name: Stop Ceph OSD
+ tags: step1
+ service: name=ceph-osd@{{ item }} state=stopped
+ with_items: "{{osd_ids.stdout.strip().split()}}"
+ - name: Update ceph OSD packages
+ tags: step1
+ yum: name=ceph-osd state=latest
+ - name: Start ceph-osd service
+ tags: step1
+ service: name=ceph-osd@{{ item }} state=started
+ with_items: "{{osd_ids.stdout.strip().split()}}"
+ - name: ceph osd unset noout
+ tags: step1
+ command: ceph osd unset noout
+ - name: ceph osd unset norebalance
+ tags: step1
+ command: ceph osd unset norebalance
+ - name: ceph osd unset nodeep-scrub
+ tags: step1
+ command: ceph osd unset nodeep-scrub
+ - name: ceph osd unset noscrub
+ tags: step1
+ command: ceph osd unset noscrub
diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml
index 6448387c..d7014e54 100644
--- a/puppet/services/ceph-rgw.yaml
+++ b/puppet/services/ceph-rgw.yaml
@@ -54,10 +54,14 @@ outputs:
- get_attr: [CephBase, role_data, config_settings]
- tripleo::profile::base::ceph::rgw::rgw_key: {get_param: CephRgwKey}
tripleo::profile::base::ceph::rgw::keystone_admin_token: {get_param: AdminToken}
- tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
tripleo::profile::base::ceph::rgw::civetweb_bind_ip: {get_param: [ServiceNetMap, CephRgwNetwork]}
tripleo::profile::base::ceph::rgw::civetweb_bind_port: {get_param: [EndpointMap, CephRgwInternal, port]}
- ceph::params::user_radosgw: ceph
+ tripleo::profile::base::ceph::rgw::rgw_keystone_version: v3
+ ceph::profile::params::rgw_keystone_admin_domain: default
+ ceph::profile::params::rgw_keystone_admin_project: service
+ ceph::profile::params::rgw_keystone_admin_user: swift
+ ceph::profile::params::rgw_keystone_admin_password: {get_param: SwiftPassword}
tripleo.ceph_rgw.firewall_rules:
'122 ceph rgw':
dport: {get_param: [EndpointMap, CephRgwInternal, port]}
@@ -68,7 +72,19 @@ outputs:
ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
- ceph::rgw::keystone::auth::user: 'swift'
- ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
- ceph::rgw::keystone::auth::tenant: 'service'
+ ceph::rgw::keystone::auth::roles: [ 'admin', 'member', '_member_' ]
+ ceph::rgw::keystone::auth::tenant: service
+ ceph::rgw::keystone::auth::user: swift
+ ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
+ upgrade_tasks:
+ - name: Gather RGW instance ID
+ tags: step0
+ shell: hiera -c /etc/puppet/hiera.yaml ceph::profile::params::rgw_name radosgw.gateway
+ register: rgw_id
+ - name: Check status
+ shell: /usr/bin/systemctl show ceph-radosgw@{{rgw_id.stdout}} --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
+ - name: Stop RGW instance
+ tags: step1
+ service: name=ceph-radosgw@{{rgw_id.stdout}} state=stopped
diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml
index 963ebd63..8c5a07ac 100644
--- a/puppet/services/cinder-api.yaml
+++ b/puppet/services/cinder-api.yaml
@@ -81,7 +81,7 @@ outputs:
- get_attr: [CinderBase, role_data, config_settings]
- get_attr: [ApacheServiceBase, role_data, config_settings]
- cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
cinder::keystone::authtoken::password: {get_param: CinderPassword}
cinder::keystone::authtoken::project_name: 'service'
cinder::api::enable_proxy_headers_parsing: true
@@ -91,7 +91,6 @@ outputs:
cinder::config:
DEFAULT/swift_catalog_info:
value: 'object-store:swift:internalURL'
- cinder::glance::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge}
tripleo.cinder_api.firewall_rules:
'119 cinder':
@@ -147,7 +146,12 @@ outputs:
cinder::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
+ shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
- name: check for cinder running under apache (post upgrade)
tags: step2
shell: "apachectl -t -D DUMP_VHOSTS | grep -q cinder"
diff --git a/puppet/services/cinder-backend-dellps.yaml b/puppet/services/cinder-backend-dellps.yaml
new file mode 100644
index 00000000..1f15c53e
--- /dev/null
+++ b/puppet/services/cinder-backend-dellps.yaml
@@ -0,0 +1,85 @@
+# Copyright (c) 2017 Dell Inc. or its subsidiaries.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+heat_template_version: ocata
+
+description: >
+ Openstack Cinder Dell EMC PS Series backend
+
+parameters:
+ CinderEnableDellPsBackend:
+ type: boolean
+ default: true
+ CinderDellPsBackendName:
+ type: string
+ default: 'tripleo_dellps'
+ CinderDellPsSanIp:
+ type: string
+ CinderDellPsSanLogin:
+ type: string
+ CinderDellPsSanPassword:
+ type: string
+ hidden: true
+ CinderDellPsSanThinProvision:
+ type: boolean
+ default: true
+ CinderDellPsGroupname:
+ type: string
+ default: 'group-0'
+ CinderDellPsPool:
+ type: string
+ default: 'default'
+ CinderDellPsChapLogin:
+ type: string
+ default: ''
+ CinderDellPsChapPassword:
+ type: string
+ default: ''
+ CinderDellPsUseChap:
+ type: boolean
+ default: false
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Dell EMC PS Series backend.
+ value:
+ service_name: cinder_backend_dellps
+ config_settings:
+ tripleo::profile::base::cinder::volume::cinder_enable_dellps_backend: {get_param: CinderEnableDellPsBackend}
+ cinder::backend::eqlx::volume_backend_name: {get_param: CinderDellPsBackendName}
+ cinder::backend::eqlx::san_ip: {get_param: CinderDellPsSanIp}
+ cinder::backend::eqlx::san_login: {get_param: CinderDellPsSanLogin}
+ cinder::backend::eqlx::san_password: {get_param: CinderDellPsSanPassword}
+ cinder::backend::eqlx::san_thin_provision: {get_param: CinderDellPsSanThinProvision}
+ cinder::backend::eqlx::eqlx_group_name: {get_param: CinderDellPsGroupname}
+ cinder::backend::eqlx::eqlx_pool: {get_param: CinderDellPsPool}
+ cinder::backend::eqlx::eqlx_use_chap: {get_param: CinderDellPsUseChap}
+ cinder::backend::eqlx::eqlx_chap_login: {get_param: CinderDellPsChapLogin}
+ cinder::backend::eqlx::eqlx_chap_password: {get_param: CinderDellPsChapPassword}
+ step_config: |
+ include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/cinder-backend-dellsc.yaml b/puppet/services/cinder-backend-dellsc.yaml
new file mode 100644
index 00000000..6a6196ac
--- /dev/null
+++ b/puppet/services/cinder-backend-dellsc.yaml
@@ -0,0 +1,85 @@
+# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+heat_template_version: ocata
+
+description: >
+ Openstack Cinder Dell EMC Storage Center backend
+
+parameters:
+ CinderEnableDellScBackend:
+ type: boolean
+ default: true
+ CinderDellScBackendName:
+ type: string
+ default: 'tripleo_dellsc'
+ CinderDellScSanIp:
+ type: string
+ CinderDellScSanLogin:
+ type: string
+ default: 'Admin'
+ CinderDellScSanPassword:
+ type: string
+ hidden: true
+ CinderDellScSsn:
+ type: number
+ default: 64702
+ CinderDellScIscsiIpAddress:
+ type: string
+ default: ''
+ CinderDellScIscsiPort:
+ type: number
+ default: 3260
+ CinderDellScApiPort:
+ type: number
+ default: 3033
+ CinderDellScServerFolder:
+ type: string
+ default: 'dellsc_server'
+ CinderDellScVolumeFolder:
+ type: string
+ default: 'dellsc_volume'
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Dell EMC Storage Center backend.
+ value:
+ service_name: cinder_backend_dellsc
+ config_settings:
+ tripleo::profile::base::cinder::volume::cinder_enable_dellsc_backend: {get_param: CinderEnableDellScBackend}
+ cinder::backend::dellsc_iscsi::volume_backend_name: {get_param: CinderDellScBackendName}
+ cinder::backend::dellsc_iscsi::san_ip: {get_param: CinderDellScSanIp}
+ cinder::backend::dellsc_iscsi::san_login: {get_param: CinderDellScSanLogin}
+ cinder::backend::dellsc_iscsi::san_password: {get_param: CinderDellScSanPassword}
+ cinder::backend::dellsc_iscsi::dell_sc_ssn: {get_param: CinderDellScSsn}
+ cinder::backend::dellsc_iscsi::iscsi_ip_address: {get_param: CinderDellScIscsiIpAddress}
+ cinder::backend::dellsc_iscsi::iscsi_port: {get_param: CinderDellScIscsiPort}
+ cinder::backend::dellsc_iscsi::dell_sc_api_port: {get_param: CinderDellScApiPort}
+ cinder::backend::dellsc_iscsi::dell_sc_server_folder: {get_param: CinderDellScServerFolder}
+ cinder::backend::dellsc_iscsi::dell_sc_volume_folder: {get_param: CinderDellScVolumeFolder}
+ step_config: |
+ include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/cinder-backend-scaleio.yaml b/puppet/services/cinder-backend-scaleio.yaml
new file mode 100644
index 00000000..eb709cd5
--- /dev/null
+++ b/puppet/services/cinder-backend-scaleio.yaml
@@ -0,0 +1,111 @@
+# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+heat_template_version: ocata
+
+description: >
+ Openstack Cinder Dell EMC ScaleIO backend
+
+parameters:
+ CinderEnableScaleIOBackend:
+ type: boolean
+ default: true
+ CinderScaleIOBackendName:
+ type: string
+ default: 'tripleo_scaleio'
+ CinderScaleIOSanIp:
+ type: string
+ default: ''
+ CinderScaleIOSanLogin:
+ type: string
+ default: ''
+ CinderScaleIOSanPassword:
+ type: string
+ default: ''
+ hidden: true
+ CinderScaleIORestServerPort:
+ type: number
+ default: 443
+ CinderScaleIOVerifyServerCertificate:
+ type: boolean
+ default: false
+ CinderScaleIOServerCertificatePath:
+ type: string
+ default: ''
+ CinderScaleIOProtectionDomainId:
+ type: string
+ default: ''
+ CinderScaleIOProtectionDomainName:
+ type: string
+ default: ''
+ CinderScaleIOStoragePoolId:
+ type: string
+ default: ''
+ CinderScaleIOStoragePoolName:
+ type: string
+ default: ''
+ CinderScaleIOStoragePools:
+ type: string
+ default: ''
+ CinderScaleIORoundVolumeCapacity:
+ type: boolean
+ default: true
+ CinderScaleIOUnmapVolumeBeforeDeletion:
+ type: boolean
+ default: false
+ CinderScaleIOMaxOverSubscriptionRatio:
+ type: string
+ default: ''
+ CinderScaleIOSanThinProvision:
+ type: boolean
+ default: true
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Dell EMC ScaleIO backend.
+ value:
+ service_name: cinder_backend_scaleio
+ config_settings:
+ tripleo::profile::base::cinder::volume::cinder_enable_scaleio_backend: {get_param: CinderEnableScaleIOBackend}
+ cinder::backend::scaleio::volume_backend_name: {get_param: CinderScaleIOBackendName}
+ cinder::backend::scaleio::sio_login: {get_param: CinderScaleIOSanLogin}
+ cinder::backend::scaleio::sio_password: {get_param: CinderScaleIOSanPassword}
+ cinder::backend::scaleio::sio_server_hostname: {get_param: CinderScaleIOSanIp}
+ cinder::backend::scaleio::sio_server_port: {get_param: CinderScaleIORestServerPort}
+ cinder::backend::scaleio::sio_verify_server_certificate: {get_param: CinderScaleIOVerifyServerCertificate}
+ cinder::backend::scaleio::sio_server_certificate_path: {get_param: CinderScaleIOServerCertificatePath}
+ cinder::backend::scaleio::sio_protection_domain_name: {get_param: CinderScaleIOProtectionDomainName}
+ cinder::backend::scaleio::sio_protection_domain_id: {get_param: CinderScaleIOProtectionDomainId}
+ cinder::backend::scaleio::sio_storage_pool_id: {get_param: CinderScaleIOStoragePoolId}
+ cinder::backend::scaleio::sio_storage_pool_name: {get_param: CinderScaleIOStoragePoolName}
+ cinder::backend::scaleio::sio_storage_pools: {get_param: CinderScaleIOStoragePools}
+ cinder::backend::scaleio::sio_round_volume_capacity: {get_param: CinderScaleIORoundVolumeCapacity}
+ cinder::backend::scaleio::sio_unmap_volume_before_deletion: {get_param: CinderScaleIOUnmapVolumeBeforeDeletion}
+ cinder::backend::scaleio::sio_max_over_subscription_ratio: {get_param: CinderScaleIOMaxOverSubscriptionRatio}
+ cinder::backend::scaleio::sio_thin_provision: {get_param: CinderScaleIOThinProvision}
+ step_config: |
+ include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml
index 91c9ff5e..a5d7fcf1 100644
--- a/puppet/services/cinder-base.yaml
+++ b/puppet/services/cinder-base.yaml
@@ -119,3 +119,4 @@ outputs:
cinder::cron::db_purge::user: {get_param: CinderCronDbPurgeUser}
cinder::cron::db_purge::age: {get_param: CinderCronDbPurgeAge}
cinder::cron::db_purge::destination: {get_param: CinderCronDbPurgeDestination}
+ cinder::glance::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml
index 6a0b1f24..f102810e 100644
--- a/puppet/services/cinder-scheduler.yaml
+++ b/puppet/services/cinder-scheduler.yaml
@@ -52,6 +52,9 @@ outputs:
step_config: |
include ::tripleo::profile::base::cinder::scheduler
upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service openstack-cinder-scheduler is running"
+ shell: /usr/bin/systemctl show 'openstack-cinder-scheduler' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
- name: Stop cinder_scheduler service
tags: step2
service: name=openstack-cinder-scheduler state=stopped
diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml
index 8834eaa5..3a06afb8 100644
--- a/puppet/services/cinder-volume.yaml
+++ b/puppet/services/cinder-volume.yaml
@@ -116,9 +116,9 @@ outputs:
step_config: |
include ::tripleo::profile::base::cinder::volume
upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service openstack-cinder-volume is running"
+ shell: /usr/bin/systemctl show 'openstack-cinder-volume' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
- name: Stop cinder_volume service
tags: step2
service: name=openstack-cinder-volume state=stopped
- - name: Sync cinder_volume DB
- tags: step5
- command: cinder-manage db sync
diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml
new file mode 100644
index 00000000..1b82f55c
--- /dev/null
+++ b/puppet/services/congress.yaml
@@ -0,0 +1,90 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Congress service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ CongressPassword:
+ description: The password for the congress service account.
+ type: string
+ hidden: true
+ Debug:
+ type: string
+ default: ''
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+
+outputs:
+ role_data:
+ description: Role data for the Congress role.
+ value:
+ service_name: congress
+ config_settings:
+ congress_password: {get_param: CongressPassword}
+ congress::db::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://congress:'
+ - {get_param: CongressPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/congress'
+ - '?bind_address='
+ - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
+ congress::keystone::auth::tenant: 'service'
+ congress::keystone::auth::password: {get_param: CongressPassword}
+ congress::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ congress::debug: {get_param: Debug}
+ congress::rpc_backend: rabbit
+ congress::rabbit_userid: {get_param: RabbitUserName}
+ congress::rabbit_password: {get_param: RabbitPassword}
+ congress::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ congress::rabbit_port: {get_param: RabbitClientPort}
+ congress::server::bind_host: {get_param: [ServiceNetMap, CongressApiNetwork]}
+
+ congress::db::mysql::password: {get_param: CongressPassword}
+ congress::db::mysql::user: congress
+ congress::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ congress::db::mysql::dbname: congress
+ congress::db::mysql::allowed_hosts:
+ - '%'
+ - {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+
+
+ step_config: |
+ include ::tripleo::profile::base::congress
diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml
index 8290cae7..63ec4446 100644
--- a/puppet/services/database/mongodb.yaml
+++ b/puppet/services/database/mongodb.yaml
@@ -66,3 +66,10 @@ outputs:
mongodb::server::bind_ip: {get_param: [ServiceNetMap, MongodbNetwork]}
step_config: |
include ::tripleo::profile::base::database::mongodb
+ upgrade_tasks:
+ - name: Stop mongodb service
+ tags: step2
+ service: name=mongod state=stopped
+ - name: Start mongodb service
+ tags: step4
+ service: name=mongod state=started
diff --git a/puppet/services/database/mysql-internal-tls-certmonger.yaml b/puppet/services/database/mysql-internal-tls-certmonger.yaml
index 56d037e7..9f7eaf57 100644
--- a/puppet/services/database/mysql-internal-tls-certmonger.yaml
+++ b/puppet/services/database/mysql-internal-tls-certmonger.yaml
@@ -41,3 +41,7 @@ outputs:
template: "mysql/%{hiera('cloud_name_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ metadata_settings:
+ - service: mysql
+ network: {get_param: [ServiceNetMap, MysqlNetwork]}
+ type: vip
diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml
index 7e12894f..808f1353 100644
--- a/puppet/services/database/mysql.yaml
+++ b/puppet/services/database/mysql.yaml
@@ -34,6 +34,10 @@ parameters:
default: true
description: Whether to use Galera instead of regular MariaDB.
type: boolean
+ NovaPassword:
+ description: The password for the nova db account
+ type: string
+ hidden: true
resources:
@@ -94,6 +98,8 @@ outputs:
{get_param: [ServiceNetMap, MysqlNetwork]}
step_config: |
include ::tripleo::profile::base::database::mysql
+ metadata_settings:
+ get_attr: [MySQLTLS, role_data, metadata_settings]
upgrade_tasks:
- name: Check for galera root password
tags: step0
@@ -104,4 +110,15 @@ outputs:
- name: Start service
tags: step4
service: name=mariadb state=started
-
+ - name: Setup cell_v2 (create cell0 database)
+ tags: step4
+ mysql_db:
+ name: nova_cell0
+ state: present
+ - name: Setup cell_v2 (grant access to the nova DB user)
+ tags: step4
+ mysql_user:
+ str_replace:
+ template: "name=nova password=PASSWORD host=\"%\" priv=\"nova.*:ALL/nova_cell0.*:ALL,GRANT\" state=present"
+ params:
+ PASSWORD: {get_param: NovaPassword}
diff --git a/puppet/services/disabled/glance-registry.yaml b/puppet/services/disabled/glance-registry.yaml
new file mode 100644
index 00000000..4d22bddc
--- /dev/null
+++ b/puppet/services/disabled/glance-registry.yaml
@@ -0,0 +1,30 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Glance Registry service, disabled since ocata
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the disabled Glance Registry role.
+ value:
+ service_name: glance_registry
+ upgrade_tasks:
+ - name: Stop and disable glance_registry service on upgrade
+ tags: step2
+ service: name=openstack-glance-registry state=stopped enabled=no
diff --git a/puppet/services/ec2-api.yaml b/puppet/services/ec2-api.yaml
new file mode 100644
index 00000000..002342b6
--- /dev/null
+++ b/puppet/services/ec2-api.yaml
@@ -0,0 +1,118 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack EC2-API service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ Ec2ApiWorkers:
+ default: 0
+ description: Number of workers for EC2-API service.
+ type: number
+ Ec2ApiPassword:
+ description: The password for the nova service and db account, used by nova-api.
+ type: string
+ hidden: true
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ MonitoringSubscriptionEc2Api:
+ default: 'overcloud-ec2-api'
+ type: string
+ Ec2ApiLoggingSource:
+ type: json
+ default:
+ tag: openstack.ec2.api
+ path: /var/log/ec2api/ec2api.log
+ EnablePackageInstall:
+ default: 'false'
+ description: Set to true to enable package installation via Puppet
+ type: boolean
+
+
+conditions:
+ nova_workers_zero: {equals : [{get_param: Ec2ApiWorkers}, 0]}
+
+outputs:
+ role_data:
+ description: Role data for the EC2-API service.
+ value:
+ service_name: ec2_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionEc2Api}
+ logging_source: {get_param: Ec2ApiLoggingSource}
+ logging_groups:
+ - nova
+ config_settings:
+ map_merge:
+ - tripleo.ec2_api.firewall_rules:
+ '113 ec2_api':
+ dport:
+ - 8788
+ - 13788
+ ec2api::keystone::authtoken::project_name: 'service'
+ ec2api::keystone::authtoken::password: {get_param: Ec2ApiPassword}
+ ec2api::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ ec2api::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ ec2api::api::enabled: true
+ ec2api::package_manage: {get_param: EnablePackageInstall}
+ ec2api::api::ec2api_listen:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
+ ec2api::metadata::metadata_listen:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
+ ec2api::db::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://ec2_api:'
+ - {get_param: Ec2ApiPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/ec2_api'
+ - '?bind_address='
+ - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
+ -
+ if:
+ - nova_workers_zero
+ - {}
+ - ec2api::api::ec2api_workers: {get_param: Ec2ApiWorkers}
+ ec2api::metadata::metadata_workers: {get_param: Ec2ApiWorkers}
+ step_config: |
+ include tripleo::profile::base::nova::ec2api
+ service_config_settings:
+ keystone:
+ ec2api::keystone::auth::tenant: 'service'
+ ec2api::keystone::auth::public_url: {get_param: [EndpointMap, Ec2ApiPublic, uri]}
+ ec2api::keystone::auth::internal_url: {get_param: [EndpointMap, Ec2ApiInternal, uri]}
+ ec2api::keystone::auth::admin_url: {get_param: [EndpointMap, Ec2ApiAdmin, uri]}
+ ec2api::keystone::auth::password: {get_param: Ec2ApiPassword}
+ ec2api::keystone::auth::region: {get_param: KeystoneRegion}
+ mysql:
+ ec2api::db::mysql::password: {get_param: Ec2ApiPassword}
+ ec2api::db::mysql::user: ec2_api
+ ec2api::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ ec2api::db::mysql::dbname: ec2_api
+ ec2api::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
index 3ddb1927..c4f97d54 100644
--- a/puppet/services/glance-api.yaml
+++ b/puppet/services/glance-api.yaml
@@ -45,8 +45,23 @@ parameters:
default:
tag: openstack.glance.api
path: /var/log/glance/api.log
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+ use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
resources:
+
+ TLSProxyBase:
+ type: OS::TripleO::Services::TLSProxyBase
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
+
GlanceBase:
type: ./glance-base.yaml
properties:
@@ -66,6 +81,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [GlanceBase, role_data, config_settings]
+ - get_attr: [TLSProxyBase, role_data, config_settings]
- glance::api::database_connection:
list_join:
- ''
@@ -79,7 +95,7 @@ outputs:
- "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
glance::api::enable_v1_api: false
glance::api::enable_v2_api: true
glance::api::authtoken::password: {get_param: GlancePassword}
@@ -100,18 +116,34 @@ outputs:
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]}
+ tripleo::profile::base::glance::api::tls_proxy_bind_ip:
+ get_param: [ServiceNetMap, GlanceApiNetwork]
+ tripleo::profile::base::glance::api::tls_proxy_fqdn:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
+ tripleo::profile::base::glance::api::tls_proxy_port:
+ get_param: [EndpointMap, GlanceInternal, port]
+ # Bind to localhost if internal TLS is enabled, since we put a TLs
+ # proxy in front.
+ glance::api::bind_host:
+ if:
+ - use_tls_proxy
+ - 'localhost'
+ - {get_param: [ServiceNetMap, GlanceApiNetwork]}
step_config: |
include ::tripleo::profile::base::glance::api
service_config_settings:
get_attr: [GlanceBase, role_data, service_config_settings]
upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service openstack-glance-api is running"
+ shell: /usr/bin/systemctl show 'openstack-glance-api' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
- name: Stop glance_api service
tags: step2
service: name=openstack-glance-api state=stopped
- name: Stop and disable glance registry (removed for Ocata)
tags: step2
service: name=openstack-glance-registry state=stopped enabled=no
- - name: Sync glance_api DB
- tags: step5
- command: glance-manage --config-file=/etc/glance/glance-api.conf db_sync
diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml
index 3929e005..22c0967e 100644
--- a/puppet/services/gnocchi-api.yaml
+++ b/puppet/services/gnocchi-api.yaml
@@ -84,7 +84,7 @@ outputs:
gnocchi::api::enable_proxy_headers_parsing: true
gnocchi::api::service_name: 'httpd'
gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
gnocchi::keystone::authtoken::project_name: 'service'
gnocchi::wsgi::apache::ssl: {get_param: EnableInternalTLS}
@@ -103,15 +103,9 @@ outputs:
# internal_api_subnet - > IP/CIDR
gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi'
- gnocchi::api::host:
- str_replace:
- template:
- "%{hiera('fqdn_$NETWORK')}"
- params:
- $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
gnocchi::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- gnocchi::api::keystone_identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ gnocchi::api::keystone_identity_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri]}
step_config: |
include ::tripleo::profile::base::gnocchi::api
@@ -131,3 +125,9 @@ outputs:
gnocchi::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
+ upgrade_tasks:
+ - name: Stop gnocchi_api service (running under httpd)
+ tags: step2
+ service: name=httpd state=stopped
diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml
index d92b1766..8fddae4b 100644
--- a/puppet/services/gnocchi-base.yaml
+++ b/puppet/services/gnocchi-base.yaml
@@ -69,7 +69,7 @@ outputs:
- '/gnocchi'
- '?bind_address='
- "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
- gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types'
+ gnocchi::db::sync::extra_opts: '--skip-storage'
gnocchi::storage::swift::swift_user: 'service:gnocchi'
gnocchi::storage::swift::swift_auth_version: 2
gnocchi::storage::swift::swift_key: {get_param: GnocchiPassword}
diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml
index e5f9a8e7..1337b0cb 100644
--- a/puppet/services/gnocchi-metricd.yaml
+++ b/puppet/services/gnocchi-metricd.yaml
@@ -22,7 +22,7 @@ parameters:
default: 'overcloud-gnocchi-metricd'
type: string
GnocchiMetricdWorkers:
- default: ''
+ default: '%{::os_workers}'
description: Number of workers for Gnocchi MetricD
type: string
@@ -46,3 +46,10 @@ outputs:
- gnocchi::metricd::workers: {get_param: GnocchiMetricdWorkers}
step_config: |
include ::tripleo::profile::base::gnocchi::metricd
+ upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service openstack-gnocchi-metricd is running"
+ shell: /usr/bin/systemctl show 'openstack-gnocchi-metricd' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
+ - name: Stop gnocchi_metricd service
+ tags: step2
+ service: name=openstack-gnocchi-metricd state=stopped
diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml
index df438b37..41222a79 100644
--- a/puppet/services/gnocchi-statsd.yaml
+++ b/puppet/services/gnocchi-statsd.yaml
@@ -45,3 +45,10 @@ outputs:
proto: 'udp'
step_config: |
include ::tripleo::profile::base::gnocchi::statsd
+ upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service openstack-gnocchi-statsd is running"
+ shell: /usr/bin/systemctl show 'openstack-gnocchi-statsd' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
+ - name: Stop gnocchi_statsd service
+ tags: step2
+ service: name=openstack-gnocchi-statsd state=stopped
diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml
index 77457593..ae226163 100644
--- a/puppet/services/haproxy-internal-tls-certmonger.yaml
+++ b/puppet/services/haproxy-internal-tls-certmonger.yaml
@@ -19,6 +19,22 @@ parameters:
via parameter_defaults in the resource registry.
type: json
+resources:
+
+ HAProxyNetworks:
+ type: OS::Heat::Value
+ properties:
+ value:
+ # NOTE(jaosorior) Get unique network names to create
+ # certificates for those. We skip the tenant network since
+ # we don't need a certificate for that, and the external
+ # network will be handled in another template.
+ yaql:
+ expression: list($.data.map.items().map($1[1])).distinct().where($ != external and $ != tenant)
+ data:
+ map:
+ get_param: ServiceNetMap
+
outputs:
role_data:
description: Role data for the HAProxy internal TLS via certmonger role.
@@ -39,13 +55,12 @@ outputs:
postsave_cmd: "" # TODO
principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
for_each:
- NETWORK:
- # NOTE(jaosorior) Get unique network names to create
- # certificates for those. We skip the tenant network since
- # we don't need a certificate for that, and the external
- # network will be handled in another template.
- yaql:
- expression: list($.data.map.items().map($1[1])).distinct().where($ != external and $ != tenant)
- data:
- map:
- get_param: ServiceNetMap
+ NETWORK: {get_attr: [HAProxyNetworks, value]}
+ metadata_settings:
+ repeat:
+ template:
+ - service: haproxy
+ network: $NETWORK
+ type: vip
+ for_each:
+ $NETWORK: {get_attr: [HAProxyNetworks, value]}
diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml
index 227697b9..6013b026 100644
--- a/puppet/services/haproxy-public-tls-certmonger.yaml
+++ b/puppet/services/haproxy-public-tls-certmonger.yaml
@@ -35,3 +35,7 @@ outputs:
hostname: "%{hiera('cloud_name_external')}"
postsave_cmd: "" # TODO
principal: "haproxy/%{hiera('cloud_name_external')}"
+ metadata_settings:
+ - service: haproxy
+ network: external
+ type: vip
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index 9049c901..358698dd 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -78,9 +78,18 @@ outputs:
step_config: |
include ::tripleo::profile::base::haproxy
upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service haproxy is running"
+ shell: /usr/bin/systemctl show 'haproxy' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
- name: Stop haproxy service
tags: step1
service: name=haproxy state=stopped
- name: Start haproxy service
tags: step4 # Needed at step 4 for mysql
service: name=haproxy state=started
+ metadata_settings:
+ yaql:
+ expression: '[].concat(coalesce($.data.internal, []), coalesce($.data.public, []))'
+ data:
+ public: {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
+ internal: {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}
diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml
index 28317dd3..7bd2fcf1 100644
--- a/puppet/services/heat-api-cfn.yaml
+++ b/puppet/services/heat-api-cfn.yaml
@@ -85,6 +85,9 @@ outputs:
heat::keystone::auth_cfn::password: {get_param: HeatPassword}
heat::keystone::auth_cfn::region: {get_param: KeystoneRegion}
upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service openstack-heat-api-cfn is running"
+ shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api-cfn' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
- name: Stop heat_api_cfn service
tags: step2
service: name=openstack-heat-api-cfn state=stopped
diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml
index 5de25ab8..0954ad19 100644
--- a/puppet/services/heat-api-cloudwatch.yaml
+++ b/puppet/services/heat-api-cloudwatch.yaml
@@ -67,6 +67,9 @@ outputs:
step_config: |
include ::tripleo::profile::base::heat::api_cloudwatch
upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service openstack-heat-api-cloudwatch is running"
+ shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api-cloudwatch' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
- name: Stop heat_api_cloudwatch service
tags: step2
service: name=openstack-heat-api-cloudwatch state=stopped
diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml
index 0ce8e1fa..ae656b1e 100644
--- a/puppet/services/heat-api.yaml
+++ b/puppet/services/heat-api.yaml
@@ -85,6 +85,9 @@ outputs:
heat::keystone::auth::password: {get_param: HeatPassword}
heat::keystone::auth::region: {get_param: KeystoneRegion}
upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service openstack-heat-api is running"
+ shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-api' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
- name: Stop heat_api service
tags: step2
service: name=openstack-heat-api state=stopped
diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml
index 90943751..b4d314f4 100644
--- a/puppet/services/heat-base.yaml
+++ b/puppet/services/heat-base.yaml
@@ -122,7 +122,7 @@ outputs:
heat::rabbit_heartbeat_timeout_threshold: 60
heat::keystone::authtoken::project_name: 'service'
heat::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
heat::keystone::authtoken::password: {get_param: HeatPassword}
heat::keystone::domain::domain_name: 'heat_stack'
heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml
index 976d413c..e85b7537 100644
--- a/puppet/services/heat-engine.yaml
+++ b/puppet/services/heat-engine.yaml
@@ -138,9 +138,9 @@ outputs:
# This is needed because the keystone profile handles creating the domain
tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword}
upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service openstack-heat-engine is running"
+ shell: echo o/ #TODO uncomment when /#/c/423302/ : /usr/bin/systemctl show 'openstack-heat-engine' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
- name: Stop heat_engine service
tags: step2
service: name=openstack-heat-engine state=stopped
- - name: Sync heat_engine DB
- tags: step5
- command: heat-manage --config-file /etc/heat/heat.conf db_sync
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index cf35d202..2111021b 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -27,6 +27,14 @@ parameters:
description: A list of IP/Hostname for the server Horizon is running on.
Used for header checks.
type: comma_delimited_list
+ HorizonPasswordValidator:
+ description: Regex for password validation
+ type: string
+ default: ''
+ HorizonPasswordValidatorHelp:
+ description: Help text for password validation
+ type: string
+ default: ''
HorizonSecret:
description: Secret key for Django
type: string
@@ -71,6 +79,8 @@ outputs:
options: ['FollowSymLinks','MultiViews']
horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ horizon::password_validator: {get_param: [HorizonPasswordValidator]}
+ horizon::password_validator_help: {get_param: [HorizonPasswordValidatorHelp]}
horizon::secret_key:
yaql:
expression: $.data.passwords.where($ != '').first()
diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml
index aebb37b2..a84df538 100644
--- a/puppet/services/ironic-api.yaml
+++ b/puppet/services/ironic-api.yaml
@@ -25,6 +25,10 @@ parameters:
MonitoringSubscriptionIronicApi:
default: 'overcloud-ironic-api'
type: string
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
resources:
IronicBase:
@@ -47,7 +51,7 @@ outputs:
ironic::api::authtoken::project_name: 'service'
ironic::api::authtoken::username: 'ironic'
ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
@@ -73,6 +77,7 @@ outputs:
ironic::keystone::auth::auth_name: 'ironic'
ironic::keystone::auth::password: {get_param: IronicPassword }
ironic::keystone::auth::tenant: 'service'
+ ironic::keystone::auth::region: {get_param: KeystoneRegion}
mysql:
ironic::db::mysql::password: {get_param: IronicPassword}
ironic::db::mysql::user: ironic
@@ -81,3 +86,7 @@ outputs:
ironic::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+ upgrade_tasks:
+ - name: Stop ironic_api service
+ tags: step2
+ service: name=openstack-ironic-api state=stopped
diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml
index 194afec7..739db13c 100644
--- a/puppet/services/ironic-conductor.yaml
+++ b/puppet/services/ironic-conductor.yaml
@@ -24,6 +24,14 @@ parameters:
"full" for full cleaning, "metadata" to clean only disk
metadata (partition table).
type: string
+ IronicCleaningNetwork:
+ default: 'provisioning'
+ description: Name or UUID of the *overcloud* network used for cleaning
+ bare metal nodes. The default value of "provisioning" can be
+ left during the initial deployment (when no networks are
+ created yet) and should be changed to an actual UUID in
+ a post-deployment stack update.
+ type: string
IronicEnabledDrivers:
default: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo']
description: Enabled Ironic drivers
@@ -61,6 +69,7 @@ outputs:
- ironic::api::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
+ ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork}
ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers}
# We need an endpoint containing a real IP, not a VIP here
ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]}
@@ -98,3 +107,7 @@ outputs:
step_config: |
include ::tripleo::profile::base::ironic::conductor
+ upgrade_tasks:
+ - name: Stop ironic_conductor service
+ tags: step2
+ service: name=openstack-ironic-conductor state=stopped
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 434f0a33..b2374ec4 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -310,6 +310,5 @@ outputs:
- name: Stop keystone service (running under httpd)
tags: step2
service: name=httpd state=stopped
- - name: Sync keystone DB
- tags: step5
- command: keystone-manage db_sync
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
diff --git a/puppet/services/logging/fluentd-client.yaml b/puppet/services/logging/fluentd-client.yaml
index 769ab68f..94c63d33 100644
--- a/puppet/services/logging/fluentd-client.yaml
+++ b/puppet/services/logging/fluentd-client.yaml
@@ -62,3 +62,12 @@ outputs:
get_attr: [LoggingConfiguration, LoggingSharedKey]
step_config: |
include ::tripleo::profile::base::logging::fluentd
+ upgrade_tasks:
+ - name: Check status of fluentd service
+ shell: >
+ /usr/bin/systemctl show fluentd --property ActiveState |
+ grep '\bactive\b'
+ tags: step0,validation
+ - name: Stop fluentd service
+ tags: step2
+ service: name=fluentd state=stopped
diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml
index b7c64823..7b78c82e 100644
--- a/puppet/services/manila-api.yaml
+++ b/puppet/services/manila-api.yaml
@@ -49,7 +49,7 @@ outputs:
- get_attr: [ManilaBase, role_data, config_settings]
- manila::keystone::authtoken::password: {get_param: ManilaPassword}
manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
manila::keystone::authtoken::project_name: 'service'
tripleo.manila_api.firewall_rules:
'150 manila':
@@ -64,6 +64,7 @@ outputs:
# internal_api_subnet - > IP/CIDR
manila::api::bind_host: {get_param: [ServiceNetMap, ManilaApiNetwork]}
manila::api::enable_proxy_headers_parsing: true
+ manila::api::default_share_type: 'default'
step_config: |
include ::tripleo::profile::base::manila::api
service_config_settings:
diff --git a/puppet/services/manila-share.yaml b/puppet/services/manila-share.yaml
index e38fe675..6ac0d2cf 100644
--- a/puppet/services/manila-share.yaml
+++ b/puppet/services/manila-share.yaml
@@ -46,7 +46,7 @@ outputs:
- manila::volume::cinder::cinder_admin_tenant_name: 'service'
manila::keystone::authtoken::password: {get_param: ManilaPassword}
manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
manila::keystone::authtoken::project_name: 'service'
service_config_settings:
get_attr: [ManilaBase, role_data, service_config_settings]
diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml
index ffa969e0..146cc306 100644
--- a/puppet/services/memcached.yaml
+++ b/puppet/services/memcached.yaml
@@ -18,6 +18,12 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MemcachedMaxMemory:
+ default: '50%'
+ description: The maximum amount of memory for memcached to be configured
+ to use when installed. This can be either a percentage ('50%')
+ or a fixed value ('2048').
+ type: string
MonitoringSubscriptionMemcached:
default: 'overcloud-memcached'
type: string
@@ -35,8 +41,17 @@ outputs:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
memcached::listen_ip: {get_param: [ServiceNetMap, MemcachedNetwork]}
+ memcached::max_memory: {get_param: MemcachedMaxMemory}
tripleo.memcached.firewall_rules:
'121 memcached':
dport: 11211
step_config: |
include ::tripleo::profile::base::memcached
+ service_config_settings:
+ collectd:
+ tripleo.collectd.plugins.memcached:
+ - memcached
+ collectd::plugin::memcached::instances:
+ local:
+ host: "%{hiera('memcached::listen_ip')}"
+ port: 11211
diff --git a/puppet/services/metrics/collectd.yaml b/puppet/services/metrics/collectd.yaml
new file mode 100644
index 00000000..a3e3b842
--- /dev/null
+++ b/puppet/services/metrics/collectd.yaml
@@ -0,0 +1,120 @@
+heat_template_version: ocata
+
+description: Collectd client service
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ CollectdDefaultPlugins:
+ default:
+ - disk
+ - interface
+ - load
+ - memory
+ - processes
+ - tcpconns
+ type: comma_delimited_list
+ description: >
+ List of collectd plugins to activate on all overcloud hosts. See
+ the documentation for the puppet-collectd module for a list plugins
+ supported by the module (https://github.com/voxpupuli/puppet-collectd).
+ Set this key to override the default list of plugins. Use
+ CollectdExtraPlugins if you want to load additional plugins without
+ overriding the defaults.
+ CollectdExtraPlugins:
+ default: []
+ type: comma_delimited_list
+ description: >
+ List of collectd plugins to activate on all overcloud hosts. See
+ the documentation for the puppet-collectd module for a list plugins
+ supported by the module (https://github.com/voxpupuli/puppet-collectd).
+ Set this key to load plugins in addition to those in
+ CollectdDefaultPlugins.
+ CollectdServer:
+ type: string
+ description: >
+ Address of remote collectd server to which we will send
+ metrics.
+ default: ''
+ CollectdServerPort:
+ type: number
+ default: 25826
+ description: >
+ Port on remote collectd server to which we will send
+ metrics.
+ CollectdUsername:
+ type: string
+ description: >
+ Username for authenticating to the remote collectd server. The default
+ is to not configure any authentication.
+ default: ''
+ CollectdPassword:
+ type: string
+ hidden: true
+ description: >
+ Password for authenticating to the remote collectd server. The
+ default is to not configure any authentication.
+ default: ''
+ CollectdSecurityLevel:
+ type: string
+ description: >
+ Security level setting for remote collectd connection.
+ default: 'None'
+ constraints:
+ - allowed_values:
+ - None
+ - Sign
+ - Encrypt
+
+outputs:
+ role_data:
+ description: Role data for the Collectd client role.
+ value:
+ service_name: collectd
+ config_settings:
+ collectd::manage_repo: false
+ collectd::purge: true
+ collectd::recurse: true
+ collectd::purge_config: true
+ collectd::minimum_version: "5.7"
+ tripleo::profile::base::metrics::collectd::collectd_server:
+ get_param: CollectdServer
+ tripleo::profile::base::metrics::collectd::collectd_port:
+ get_param: CollectdServerPort
+ tripleo::profile::base::metrics::collectd::collectd_username:
+ get_param: CollectdUsername
+ tripleo::profile::base::metrics::collectd::collectd_password:
+ get_param: CollectdPassword
+ tripleo::profile::base::metrics::collectd::collectd_securitylevel:
+ get_param: CollectdSecurityLevel
+ tripleo.collectd.plugins.collectd:
+ yaql:
+ data:
+ default_plugins: {get_param: CollectdDefaultPlugins}
+ extra_plugins: {get_param: CollectdExtraPlugins}
+ expression: >
+ ($.data.default_plugins + $.data.extra_plugins)
+ .flatten().distinct()
+ step_config: |
+ include ::tripleo::profile::base::metrics::collectd
+ upgrade_tasks:
+ - name: Check status of collectd service
+ shell: >
+ /usr/bin/systemctl show collectd --property ActiveState |
+ grep '\bactive\b'
+ tags: step0,validation
+ - name: Stop collectd service
+ tags: step2
+ service: name=collectd state=stopped
diff --git a/puppet/services/mistral-base.yaml b/puppet/services/mistral-base.yaml
index e678b14f..4d020498 100644
--- a/puppet/services/mistral-base.yaml
+++ b/puppet/services/mistral-base.yaml
@@ -76,7 +76,7 @@ outputs:
mistral::keystone_tenant: 'service'
mistral::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
mistral::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]}
- mistral::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ mistral::identity_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
service_config_settings:
keystone:
mistral::keystone::auth::tenant: 'service'
diff --git a/puppet/services/monitoring/sensu-client.yaml b/puppet/services/monitoring/sensu-client.yaml
index 76ba59c1..d74a68a2 100644
--- a/puppet/services/monitoring/sensu-client.yaml
+++ b/puppet/services/monitoring/sensu-client.yaml
@@ -62,3 +62,12 @@ outputs:
region: {get_param: KeystoneRegion}
step_config: |
include ::tripleo::profile::base::monitoring::sensu
+ upgrade_tasks:
+ - name: Check status of sensu-client service
+ shell: >
+ /usr/bin/systemctl show sensu-client --property ActiveState |
+ grep '\bactive\b'
+ tags: step0,validation
+ - name: Stop sensu-client service
+ tags: step2
+ service: name=sensu-client state=stopped
diff --git a/puppet/services/network/contrail-analytics-database.yaml b/puppet/services/network/contrail-analytics-database.yaml
new file mode 100644
index 00000000..67341ed3
--- /dev/null
+++ b/puppet/services/network/contrail-analytics-database.yaml
@@ -0,0 +1,43 @@
+heat_template_version: ocata
+
+description: >
+ Contrail Analytics Database service deployment using puppet, this YAML file
+ creates the interface between the HOT template
+ and the puppet manifest that actually installs
+ and configures Contrail Analytics Database.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+ ContrailBase:
+ type: ./contrail-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role Contrail Analytics Database using composable services.
+ value:
+ service_name: contrail_analytics_database
+ config_settings:
+ map_merge:
+ - get_attr: [ContrailBase, role_data, config_settings]
+ - contrail::analytics::database::host_ip: {get_param: [ServiceNetMap, ContrailAnalyticsDatabaseNetwork]}
+ step_config: |
+ include ::tripleo::network::contrail::analyticsdatabase
diff --git a/puppet/services/network/contrail-analytics.yaml b/puppet/services/network/contrail-analytics.yaml
index ad14d315..e3e0ec4b 100644
--- a/puppet/services/network/contrail-analytics.yaml
+++ b/puppet/services/network/contrail-analytics.yaml
@@ -21,44 +21,6 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
- ContrailAnalyticsHostIP:
- description: host IP address of Analytics
- type: string
- ContrailAnalyticsRedisServerIp:
- description: Redis server ip address
- type: string
- ContrailAnalyticsCollectorServerHttpPort:
- description: Collector http port
- type: number
- default: 8089
- ContrailAnalyticsCollectorSandeshPort:
- description: Collector sandesh port
- type: number
- default: 8086
- ContrailAnalyticsHttpServerPort:
- description: Analytics http port
- type: number
- default: 8090
- ContrailAnalyticsListenAddress:
- default: '0.0.0.0'
- description: IP address Config API is listening on
- type: string
- ContrailAnalyticsListenPort:
- default: 8082
- description: Port Config API is listening on
- type: number
- ContrailAnalyticsRedisServerPort:
- description: Redis server port
- type: number
- default: 6379
- ContrailAnalyticsRestApiIp:
- description: IP address Analytics rest interface listens on
- type: string
- default: '0.0.0.0'
- ContrailAnalyticsRestApiPort:
- description: Analytics rest port
- type: number
- default: 8081
resources:
ContrailBase:
@@ -76,15 +38,14 @@ outputs:
config_settings:
map_merge:
- get_attr: [ContrailBase, role_data, config_settings]
- - contrail::analytics::collector_http_server_port: {get_param: ContrailAnalyticsCollectorServerHttpPort}
- contrail::analytics::collector_sandesh_port: {get_param: ContrailAnalyticsCollectorSandeshPort}
- contrail::analytics::host_ip: {get_param: ContrailAnalyticsHostIP}
- contrail::analytics::http_server_port: {get_param: ContrailAnalyticsHttpServerPort}
- contrail::analytics::listen_ip_address: {get_param: ContrailAnalyticsListenAddress}
- contrail::analytics::listen_port: {get_param: ContrailAnalyticsListenPort}
- contrail::analytics::redis_server: {get_param: ContrailAnalyticsRedisServerIp}
- contrail::analytics::redis_server_port: {get_param: ContrailAnalyticsRedisServerPort}
- contrail::analytics::rest_api_ip: {get_param: ContrailAnalyticsRestApiIp}
- contrail::analytics::rest_api_port: {get_param: ContrailAnalyticsRestApiPort}
+ - contrail::analytics::collector_http_server_port: {get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, port]}
+ contrail::analytics::collector_sandesh_port: {get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, port]}
+ contrail::analytics::host_ip: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]}
+ contrail::analytics::http_server_port: {get_param: [EndpointMap, ContrailAnalyticsHttpInternal, port]}
+ contrail::analytics::listen_ip_address: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]}
+ contrail::analytics::redis_server: '127.0.0.1'
+ contrail::analytics::redis_server_port: {get_param: [EndpointMap, ContrailAnalyticsRedisInternal, port]}
+ contrail::analytics::rest_api_ip: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]}
+ contrail::analytics::rest_api_port: {get_param: [EndpointMap, ContrailAnalyticsApiInternal, port]}
step_config: |
include ::tripleo::network::contrail::analytics
diff --git a/puppet/services/network/contrail-base.yaml b/puppet/services/network/contrail-base.yaml
index b49b2add..bc56a3ca 100644
--- a/puppet/services/network/contrail-base.yaml
+++ b/puppet/services/network/contrail-base.yaml
@@ -18,47 +18,42 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ContrailAAAMode:
+ description: AAAmode can be no-auth, cloud-admin or rbac
+ type: string
+ default: 'rbac'
+ ContrailAAAModeAnalytics:
+ description: AAAmode for analytics can be no-auth, cloud-admin or rbac
+ type: string
+ default: 'no-auth'
AdminPassword:
description: Keystone admin user password
type: string
+ hidden: true
AdminTenantName:
description: Keystone admin tenant name
type: string
+ default: 'admin'
AdminToken:
description: Keystone admin token
type: string
+ hidden: true
AdminUser:
description: Keystone admin user name
type: string
- AuthHost:
- description: Keystone host IP address
- type: string
- AuthPort:
- default: 35357
- description: Keystone port
+ default: 'admin'
+ AuthPortSSL:
+ default: 13357
+ description: Keystone SSL port
+ type: number
+ AuthPortSSLPublic:
+ default: 13000
+ description: Keystone Public SSL port
type: number
- AuthProtocol:
- default: 'http'
- description: Keystone authentication protocol
- type: string
- ContrailDiscoveryServerIp:
- description: Discovery server ip address
- type: string
- ContrailKafkaBrokerList:
- description: List of kafka servers
- type: comma_delimited_list
ContrailAuth:
default: 'keystone'
description: Keystone authentication method
type: string
- ContrailCassandraServerList:
- default: []
- description: List of cassandra servers
- type: comma_delimited_list
- ContrailDiscoveryServerPort:
- description: Discovery server port
- type: number
- default: 5998
ContrailInsecure:
default: false
description: Keystone insecure mode
@@ -67,14 +62,18 @@ parameters:
default: '127.0.0.1:12111'
description: Memcached server
type: string
- ContrailMultiTenancy:
- default: true
- description: Turn on/off multi-tenancy
- type: boolean
- ContrailZkServerIp:
- default: []
- description: List of zookeeper servers
- type: comma_delimited_list
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
outputs:
role_data:
@@ -82,19 +81,23 @@ outputs:
value:
service_name: contrail_base
config_settings:
+ contrail::aaa_mode: {get_param: ContrailAAAMode}
+ contrail::analytics_aaa_mode: {get_param: ContrailAAAModeAnalytics}
contrail::admin_password: {get_param: AdminPassword}
contrail::admin_tenant_name: {get_param: AdminTenantName}
contrail::admin_token: {get_param: AdminToken}
contrail::admin_user: {get_param: AdminUser}
- contrail::auth_host: {get_param: [EndpointMap, KeystoneInternal, host] }
- contrail::auth_port: {get_param: [EndpointMap, KeystoneInternal, port] }
- contrail::auth_protocol: {get_param: [EndpointMap, KeystoneInternal, protocol] }
- contrail::disc_server_ip: {get_param: ContrailDiscoveryServerIp}
- contrail::kafka_broker_list: {get_param: ContrailKafkaBrokerList}
contrail::auth: {get_param: ContrailAuth}
- contrail::cassandra_server_list: {get_param: ContrailCassandraServerList}
- contrail::disc_server_port: {get_param: ContrailDiscoveryServerPort}
+ contrail::auth_host: {get_param: [EndpointMap, KeystonePublic, host] }
+ contrail::auth_port: {get_param: [EndpointMap, KeystoneAdmin, port] }
+ contrail::auth_port_ssl: {get_param: AuthPortSSL }
+ contrail::auth_port_public: {get_param: [EndpointMap, KeystonePublic, port] }
+ contrail::auth_port_ssl_public: {get_param: AuthPortSSLPublic }
+ contrail::auth_protocol: {get_param: [EndpointMap, KeystoneInternal, protocol] }
+ contrail::api_port: {get_param: [EndpointMap, ContrailConfigInternal, port] }
+ contrail::disc_server_port: {get_param: [EndpointMap, ContrailDiscoveryInternal, port] }
contrail::insecure: {get_param: ContrailInsecure}
contrail::memcached_server: {get_param: ContrailMemcachedServer}
- contrail::multi_tenancy: {get_param: ContrailMultiTenancy}
- contrail::zk_server_ip: {get_param: ContrailZkServerIp}
+ contrail::rabbit_password: {get_param: RabbitPassword}
+ contrail::rabbit_user: {get_param: RabbitUserName}
+ contrail::rabbit_port: {get_param: RabbitClientPort}
diff --git a/puppet/services/network/contrail-config.yaml b/puppet/services/network/contrail-config.yaml
index 03774480..185b6094 100644
--- a/puppet/services/network/contrail-config.yaml
+++ b/puppet/services/network/contrail-config.yaml
@@ -21,29 +21,14 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
- ContrailConfigIfmapServerIp:
- description: Ifmap server ip address
- type: string
ContrailConfigIfmapUserName:
description: Ifmap user name
type: string
+ default: 'api-server'
ContrailConfigIfmapUserPassword:
description: Ifmap user password
type: string
- ContrailConfigRabbitServerIp:
- description: RabbitMq server ip address
- type: string
- ContrailConfigRedisServerIp:
- description: Redis server ip address
- type: string
- ContrailConfigListenAddress:
- default: '0.0.0.0'
- description: IP address Config API is listening on
- type: string
- ContrailConfigListenPort:
- default: 8082
- description: Port Config API is listening on
- type: number
+ default: 'api-server'
resources:
ContrailBase:
@@ -62,11 +47,10 @@ outputs:
map_merge:
- get_attr: [ContrailBase, role_data, config_settings]
- contrail::config::ifmap_password: {get_param: ContrailConfigIfmapUserPassword}
- contrail::config::ifmap_server_ip: {get_param: ContrailConfigIfmapServerIp}
contrail::config::ifmap_username: {get_param: ContrailConfigIfmapUserName}
- contrail::config::listen_ip_address: {get_param: ContrailConfigListenAddress}
- contrail::config::listen_port: {get_param: ContrailConfigListenPort}
- contrail::config::rabbit_server: {get_param: ContrailConfigRabbitServerIp}
- contrail::config::redis_server: {get_param: ContrailConfigRedisServerIp}
+ contrail::config::listen_ip_address: {get_param: [ServiceNetMap, ContrailConfigNetwork]}
+ contrail::config::listen_port: {get_param: [EndpointMap, ContrailConfigInternal, port] }
+ contrail::config::redis_server: '127.0.0.1'
+ contrail::config::host_ip: {get_param: [ServiceNetMap, ContrailConfigNetwork] }
step_config: |
include ::tripleo::network::contrail::config
diff --git a/puppet/services/network/contrail-control.yaml b/puppet/services/network/contrail-control.yaml
index 7c28d283..0964989b 100644
--- a/puppet/services/network/contrail-control.yaml
+++ b/puppet/services/network/contrail-control.yaml
@@ -21,15 +21,14 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
- ContrailControlHostIP:
- description: host IP address of Analytics
- type: string
- ContrailControlIfmapUserName:
- description: Ifmap user name
- type: string
- ContrailControlIfmapUserPassword:
- description: Ifmap user password
+ ContrailControlASN:
+ description: Autonomous System Number
+ type: number
+ default: 64512
+ ContrailControlRNDCSecret:
+ description: sda1/256 hmac key, e.g. echo -n "values" | openssl dgst -sha256 -hmac key -binary | base64
type: string
+ hidden: true
resources:
ContrailBase:
@@ -47,8 +46,8 @@ outputs:
config_settings:
map_merge:
- get_attr: [ContrailBase, role_data, config_settings]
- - contrail::control::host_ip: {get_param: ContrailControlHostIP}
- contrail::control::ifmap_username: {get_param: ContrailControlIfmapUserName}
- contrail::control::ifmap_password: {get_param: ContrailControlIfmapUserPassword}
+ - contrail::control::asn: {get_param: ContrailControlASN }
+ contrail::control::host_ip: {get_param: [ServiceNetMap, ContrailControlNetwork]}
+ contrail::control::rndc_secret: {get_param: ContrailControlRNDCSecret}
step_config: |
include ::tripleo::network::contrail::control
diff --git a/puppet/services/network/contrail-database.yaml b/puppet/services/network/contrail-database.yaml
index c56b90a2..b47c2c36 100644
--- a/puppet/services/network/contrail-database.yaml
+++ b/puppet/services/network/contrail-database.yaml
@@ -21,13 +21,6 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
- ContrailDatabaseHostIP:
- description: host IP address of Database node
- type: string
- ContrailDatabaseMinDisk:
- description: Minimum disk size for database
- type: number
- default: 64
resources:
ContrailBase:
@@ -45,7 +38,6 @@ outputs:
config_settings:
map_merge:
- get_attr: [ContrailBase, role_data, config_settings]
- - contrail::database::host_ip: {get_param: ContrailDatabaseHostIP}
- contrail::database::minimum_diskGB: {get_param: ContrailDatabaseMinDisk}
+ - contrail::database::host_ip: {get_param: [ServiceNetMap, ContrailDatabaseNetwork]}
step_config: |
- include ::tripleo::profile::contrail::database
+ include ::tripleo::network::contrail::database
diff --git a/puppet/services/network/contrail-heat.yaml b/puppet/services/network/contrail-heat.yaml
new file mode 100644
index 00000000..4dfc6579
--- /dev/null
+++ b/puppet/services/network/contrail-heat.yaml
@@ -0,0 +1,40 @@
+heat_template_version: ocata
+
+description: >
+ Contrail Heat plugin adds Contrail specific heat resources enabling heat
+ to orchestrate Contrail
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+ ContrailBase:
+ type: ./contrail-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Contrail Heat plugin
+ value:
+ service_name: contrail_heat
+ config_settings:
+ map_merge:
+ - get_attr: [ContrailBase, role_data, config_settings]
+ step_config: |
+ include ::tripleo::network::contrail::heat
diff --git a/puppet/services/network/contrail-neutron-plugin.yaml b/puppet/services/network/contrail-neutron-plugin.yaml
new file mode 100644
index 00000000..2f2ceb37
--- /dev/null
+++ b/puppet/services/network/contrail-neutron-plugin.yaml
@@ -0,0 +1,45 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Neutron Opencontrail plugin
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ContrailExtensions:
+ description: List of OpenContrail extensions to be enabled
+ type: comma_delimited_list
+ default: ''
+
+resources:
+ ContrailBase:
+ type: ./contrail-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Opencontrail plugin
+ value:
+ service_name: contrail_neutron_plugin
+ config_settings:
+ map_merge:
+ - get_attr: [ContrailBase, role_data, config_settings]
+ - neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions
+ contrail::vrouter::contrail_extensions: {get_param: ContrailExtensions}
+ step_config: |
+ include tripleo::network::contrail::neutron_plugin
diff --git a/puppet/services/network/contrail-provision.yaml b/puppet/services/network/contrail-provision.yaml
new file mode 100644
index 00000000..765be9a9
--- /dev/null
+++ b/puppet/services/network/contrail-provision.yaml
@@ -0,0 +1,39 @@
+heat_template_version: ocata
+
+description: >
+ Provision Contrail services after deployment
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+ ContrailBase:
+ type: ./contrail-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Contrail provisioning role
+ value:
+ service_name: contrail_provision
+ config_settings:
+ map_merge:
+ - get_attr: [ContrailBase, role_data, config_settings]
+ step_config: |
+ include ::tripleo::network::contrail::provision
diff --git a/puppet/services/network/contrail-tsn.yaml b/puppet/services/network/contrail-tsn.yaml
new file mode 100644
index 00000000..88adc4a5
--- /dev/null
+++ b/puppet/services/network/contrail-tsn.yaml
@@ -0,0 +1,64 @@
+heat_template_version: ocata
+
+description: >
+ Contrail TSN Service
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NeutronMetadataProxySharedSecret:
+ description: Metadata Secret
+ type: string
+ VrouterPhysicalInterface:
+ default: 'eth0'
+ description: vRouter physical interface
+ type: string
+ VrouterGateway:
+ default: '192.168.24.1'
+ description: vRouter default gateway
+ type: string
+ VrouterNetmask:
+ default: '255.255.255.0'
+ description: vRouter netmask
+ type: string
+
+resources:
+ ContrailBase:
+ type: ./contrail-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Contrail TSN Service
+ value:
+ service_name: contrail_tsn
+ config_settings:
+ map_merge:
+ - get_attr: [ContrailBase, role_data, config_settings]
+ - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, NeutronCorePluginOpencontrailNetwork]}
+ contrail::vrouter::physical_interface: {get_param: VrouterPhysicalInterface}
+ contrail::vrouter::gateway: {get_param: VrouterGateway}
+ contrail::vrouter::netmask: {get_param: VrouterNetmask}
+ contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
+ contrail::vrouter::is_tsn: 'true'
+ tripleo.neutron_compute_plugin_opencontrail.firewall_rules:
+ '111 neutron_compute_plugin_opencontrail proxy':
+ dport: 8097
+ proto: tcp
+ step_config: |
+ include ::tripleo::network::contrail::vrouter
diff --git a/puppet/services/network/contrail-vrouter.yaml b/puppet/services/network/contrail-vrouter.yaml
new file mode 100644
index 00000000..db9f0836
--- /dev/null
+++ b/puppet/services/network/contrail-vrouter.yaml
@@ -0,0 +1,64 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Neutron Compute OpenContrail plugin
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NeutronMetadataProxySharedSecret:
+ description: Metadata Secret
+ type: string
+ hidden: true
+ ContrailVrouterPhysicalInterface:
+ default: 'eth0'
+ description: vRouter physical interface
+ type: string
+ ContrailVrouterGateway:
+ default: '192.0.2.1'
+ description: vRouter default gateway
+ type: string
+ ContrailVrouterNetmask:
+ default: '255.255.255.0'
+ description: vRouter netmask
+ type: string
+
+resources:
+ ContrailBase:
+ type: ./contrail-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Compute OpenContrail plugin
+ value:
+ service_name: contrail_vrouter
+ config_settings:
+ map_merge:
+ - get_attr: [ContrailBase, role_data, config_settings]
+ - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, NeutronCorePluginOpencontrailNetwork]}
+ contrail::vrouter::physical_interface: {get_param: ContrailVrouterPhysicalInterface}
+ contrail::vrouter::gateway: {get_param: ContrailVrouterGateway}
+ contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask}
+ contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
+ tripleo.neutron_compute_plugin_opencontrail.firewall_rules:
+ '111 neutron_compute_plugin_opencontrail proxy':
+ dport: 8097
+ proto: tcp
+ step_config: |
+ include ::tripleo::network::contrail::vrouter
diff --git a/puppet/services/network/contrail-webui.yaml b/puppet/services/network/contrail-webui.yaml
index 72cc6fa5..3786cdd1 100644
--- a/puppet/services/network/contrail-webui.yaml
+++ b/puppet/services/network/contrail-webui.yaml
@@ -21,27 +21,6 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
- ContrailWebUiAnalyticsVip:
- description: Contrail Analytics VIP
- type: string
- ContrailWebUiConfigVip:
- description: Contrail Config VIP
- type: string
- ContrailWebUiNeutronVip:
- description: Neutron VIP
- type: string
- ContrailWebuiHttpPort:
- default: 8080
- description: HTTP Port of Webui
- type: number
- ContrailWebuiHttpsPort:
- default: 8143
- description: HTTPS Port of Webui
- type: number
- ContrailWebUiRedisIp:
- description: Redis IP
- type: string
- default: '127.0.0.1'
resources:
ContrailBase:
@@ -59,11 +38,8 @@ outputs:
config_settings:
map_merge:
- get_attr: [ContrailBase, role_data, config_settings]
- - contrail::webui::contrail_analytics_vip: {get_param: ContrailWebUiAnalyticsVip}
- contrail::webui::contrail_config_vip: {get_param: ContrailWebUiConfigVip}
- contrail::webui::contrail_webui_http_port: {get_param: ContrailWebuiHttpPort}
- contrail::webui::contrail_webui_https_port: {get_param: ContrailWebuiHttpsPort}
- contrail::webui::neutron_vip: {get_param: ContrailWebUiNeutronVip}
- contrail::webui::redis_ip: {get_param: ContrailWebUiRedisIp}
+ - contrail::webui::http_port: {get_param: [EndpointMap, ContrailWebuiHttpInternal, port] }
+ contrail::webui::https_port: {get_param: [EndpointMap, ContrailWebuiHttpsInternal, port] }
+ contrail::webui::redis_ip: '127.0.0.1'
step_config: |
include ::tripleo::network::contrail::webui
diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml
index a6c8ba3c..b3a07fb0 100644
--- a/puppet/services/neutron-api.yaml
+++ b/puppet/services/neutron-api.yaml
@@ -71,6 +71,9 @@ parameters:
removed in Ocata. Future releases will enable L3 HA by default if it is
appropriate for the deployment type. Alternate mechanisms will be
available to override.
+ EnableInternalTLS:
+ type: boolean
+ default: false
parameter_groups:
- label: deprecated
@@ -82,8 +85,19 @@ parameter_groups:
parameters:
- NeutronL3HA
+conditions:
+ use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
+
resources:
+ TLSProxyBase:
+ type: OS::TripleO::Services::TLSProxyBase
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
+
NeutronBase:
type: ./neutron-base.yaml
properties:
@@ -103,6 +117,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
+ - get_attr: [TLSProxyBase, role_data, config_settings]
- neutron::server::database_connection:
list_join:
- ''
@@ -115,7 +130,7 @@ outputs:
- '?bind_address='
- "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
neutron::server::api_workers: {get_param: NeutronWorkers}
neutron::server::rpc_workers: {get_param: NeutronWorkers}
neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
@@ -138,7 +153,23 @@ outputs:
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]}
+ tripleo::profile::base::neutron::server::tls_proxy_bind_ip:
+ get_param: [ServiceNetMap, NeutronApiNetwork]
+ tripleo::profile::base::neutron::server::tls_proxy_fqdn:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
+ tripleo::profile::base::neutron::server::tls_proxy_port:
+ get_param: [EndpointMap, NeutronInternal, port]
+ # Bind to localhost if internal TLS is enabled, since we put a TLS
+ # proxy in front.
+ neutron::bind_host:
+ if:
+ - use_tls_proxy
+ - 'localhost'
+ - {get_param: [ServiceNetMap, NeutronApiNetwork]}
tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
step_config: |
include tripleo::profile::base::neutron::server
@@ -159,9 +190,9 @@ outputs:
- '%'
- "%{hiera('mysql_bind_host')}"
upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service neutron-server is running"
+ shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
- name: Stop neutron_api service
tags: step2
service: name=neutron-server state=stopped
- - name: Sync neutron_api DB
- tags: step5
- command: neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head
diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/neutron-compute-plugin-ovn.yaml
index ce28b5c3..e3a4da99 100644
--- a/puppet/services/neutron-compute-plugin-ovn.yaml
+++ b/puppet/services/neutron-compute-plugin-ovn.yaml
@@ -18,9 +18,6 @@ parameters:
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
- OVNDbHost:
- description: IP address on which the OVN DB servers are listening
- type: string
OVNSouthboundServerPort:
description: Port of the Southbound DB Server
type: number
@@ -29,6 +26,16 @@ parameters:
description: Tunnel encapsulation type
type: string
default: geneve
+ NeutronBridgeMappings:
+ description: >
+ The OVS logical->physical bridge mappings to use. See the Neutron
+ documentation for details. Defaults to mapping br-ex - the external
+ bridge on hosts - to a physical name 'datacentre' which can be used
+ to create provider networks (and we use this for the default floating
+ network) - if changing this either use different post-install network
+ scripts or be sure to keep 'datacentre' as a mapping network name
+ type: comma_delimited_list
+ default: "datacentre:br-ex"
outputs:
@@ -37,9 +44,16 @@ outputs:
value:
service_name: neutron_compute_plugin_ovn
config_settings:
- tripleo::profile::base::neutron::agents::ovn::ovn_db_host: {get_param: OVNDbHost}
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
- ovn::southbound::encap_type: {get_param: OVNTunnelEncapType}
+ ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType}
ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]}
+ ovn::controller::ovn_bridge_mappings: {get_param: NeutronBridgeMappings}
+ tripleo.neutron_compute_plugin_ovn.firewall_rules:
+ '118 neutron vxlan networks':
+ proto: 'udp'
+ dport: 4789
+ '119 neutron geneve networks':
+ proto: 'udp'
+ dport: 6081
step_config: |
include ::tripleo::profile::base::neutron::agents::ovn
diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml
index 5e7de18e..062edaa4 100644
--- a/puppet/services/neutron-dhcp.yaml
+++ b/puppet/services/neutron-dhcp.yaml
@@ -39,6 +39,10 @@ parameters:
default:
tag: openstack.neutron.agent.dhcp
path: /var/log/neutron/dhcp-agent.log
+ NeutronDhcpAgentDnsmasqDnsServers:
+ default: []
+ description: List of servers to use as dnsmasq forwarders
+ type: comma_delimited_list
resources:
@@ -64,6 +68,7 @@ outputs:
- neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
neutron::agents::dhcp::enable_force_metadata: {get_param: NeutronEnableForceMetadata}
neutron::agents::dhcp::enable_metadata_network: {get_param: NeutronEnableMetadataNetwork}
+ neutron::agents::dhcp::dnsmasq_dns_servers: {get_param: NeutronDhcpAgentDnsmasqDnsServers}
tripleo.neutron_dhcp.firewall_rules:
'115 neutron dhcp input':
proto: 'udp'
@@ -75,6 +80,9 @@ outputs:
step_config: |
include tripleo::profile::base::neutron::dhcp
upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service neutron-dhcp-agent is running"
+ shell: /usr/bin/systemctl show 'neutron-dhcp-agent' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
- name: Stop neutron_dhcp service
tags: step2
service: name=neutron-dhcp-agent state=stopped
diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml
index 9d858441..69803551 100644
--- a/puppet/services/neutron-l3.yaml
+++ b/puppet/services/neutron-l3.yaml
@@ -80,6 +80,9 @@ outputs:
step_config: |
include tripleo::profile::base::neutron::l3
upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service neutron-l3-agent is running"
+ shell: /usr/bin/systemctl show 'neutron-l3-agent' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
- name: Stop neutron_l3 service
tags: step2
service: name=neutron-l3-agent state=stopped
diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml
index 43066767..6f5debdd 100644
--- a/puppet/services/neutron-metadata.yaml
+++ b/puppet/services/neutron-metadata.yaml
@@ -70,12 +70,15 @@ outputs:
- neutron::agents::metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers}
neutron::agents::metadata::auth_password: {get_param: NeutronPassword}
- neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
neutron::agents::metadata::auth_tenant: 'service'
neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
step_config: |
include tripleo::profile::base::neutron::metadata
upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service neutron-metadata-agent is running"
+ shell: /usr/bin/systemctl show 'neutron-metadata-agent' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
- name: Stop neutron_metadata service
tags: step2
service: name=neutron-metadata-agent state=stopped
diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index baeb0c66..c27bb909 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -121,6 +121,9 @@ outputs:
step_config: |
include ::tripleo::profile::base::neutron::ovs
upgrade_tasks:
+ - name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running"
+ shell: /usr/bin/systemctl show 'neutron-openvswitch-agent' --property ActiveState | grep '\bactive\b'
+ tags: step0,validation
- name: Stop neutron_ovs_agent service
tags: step2
service: name=neutron-openvswitch-agent state=stopped
diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml
index 5c77e35d..e25bc495 100644
--- a/puppet/services/neutron-ovs-dpdk-agent.yaml
+++ b/puppet/services/neutron-ovs-dpdk-agent.yaml
@@ -18,6 +18,11 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ HostCpusList:
+ description: List of cores to be used for host process
+ type: string
+ constraints:
+ - allowed_pattern: "'[0-9,-]+'"
NeutronDpdkCoreList:
description: List of cores to be used for DPDK Poll Mode Driver
type: string
@@ -68,7 +73,8 @@ outputs:
- neutron::agents::ml2::ovs::enable_dpdk: true
neutron::agents::ml2::ovs::datapath_type: {get_param: NeutronDatapathType}
neutron::agents::ml2::ovs::vhostuser_socket_dir: {get_param: NeutronVhostuserSocketDir}
- vswitch::dpdk::core_list: {get_param: NeutronDpdkCoreList}
+ vswitch::dpdk::host_core_list: {get_param: HostCpusList}
+ vswitch::dpdk::pmd_core_list: {get_param: NeutronDpdkCoreList}
vswitch::dpdk::memory_channels: {get_param: NeutronDpdkMemoryChannels}
vswitch::dpdk::socket_mem: {get_param: NeutronDpdkSocketMemory}
vswitch::dpdk::driver_type: {get_param: NeutronDpdkDriverType}
diff --git a/puppet/services/neutron-plugin-ml2-fujitsu-fossw.yaml b/puppet/services/neutron-plugin-ml2-fujitsu-fossw.yaml
new file mode 100644
index 00000000..85971f17
--- /dev/null
+++ b/puppet/services/neutron-plugin-ml2-fujitsu-fossw.yaml
@@ -0,0 +1,78 @@
+heat_template_version: ocata
+
+description: Configure hieradata for Fujitsu fossw plugin configuration
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NeutronFujitsuFosswIps:
+ description: 'The List of IP address of all fos switches.'
+ type: comma_delimited_list
+ NeutronFujitsuFosswUserName:
+ description: 'The username of the fos switches.'
+ type: string
+ NeutronFujitsuFosswPassword:
+ description: 'The password of the fos switches.'
+ type: string
+ hidden: true
+ NeutronFujitsuFosswPort:
+ description: 'The port number used for SSH connection.'
+ type: number
+ default: 22
+ NeutronFujitsuFosswTimeout:
+ description: 'The timeout os SSH connection.'
+ type: number
+ default: 30
+ NeutronFujitsuFosswUdpDestPort:
+ description: 'The port number of VXLAN UDP destination on the fos switches.'
+ type: number
+ default: 4789
+ NeutronFujitsuFosswOvsdbVlanidRangeMin:
+ description: 'The minimum VLAN ID in the range that is used for binding VNI and physical port.'
+ type: number
+ default: 2
+ NeutronFujitsuFosswOvsdbPort:
+ description: 'The port number which OVSDB server on the fos switches listen.'
+ type: number
+ default: 6640
+
+resources:
+
+ NeutronMl2Base:
+ type: ./neutron-plugin-ml2.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for Fujitsu Fossw ML2 Driver
+ value:
+ service_name: neutron_plugin_ml2_fujitsu_fossw
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronMl2Base, role_data, config_settings]
+ - neutron::plugins::ml2::fujitsu::fossw::fossw_ips: {get_param: NeutronFujitsuFosswIps}
+ neutron::plugins::ml2::fujitsu::fossw::username: {get_param: NeutronFujitsuFosswUserName}
+ neutron::plugins::ml2::fujitsu::fossw::password: {get_param: NeutronFujitsuFosswPassword}
+ neutron::plugins::ml2::fujitsu::fossw::port: {get_param: NeutronFujitsuFosswPort}
+ neutron::plugins::ml2::fujitsu::fossw::timeout: {get_param: NeutronFujitsuFosswTimeout}
+ neutron::plugins::ml2::fujitsu::fossw::udp_dest_port: {get_param: NeutronFujitsuFosswUdpDestPort}
+ neutron::plugins::ml2::fujitsu::fossw::ovsdb_vlanid_range_min: {get_param: NeutronFujitsuFosswOvsdbVlanidRangeMin}
+ neutron::plugins::ml2::fujitsu::fossw::ovsdb_port: {get_param: NeutronFujitsuFosswOvsdbPort}
+ step_config: |
+ include ::tripleo::profile::base::neutron::plugins::ml2
+
diff --git a/puppet/services/neutron-plugin-ml2-ovn.yaml b/puppet/services/neutron-plugin-ml2-ovn.yaml
index 59346edc..4d4c3900 100644
--- a/puppet/services/neutron-plugin-ml2-ovn.yaml
+++ b/puppet/services/neutron-plugin-ml2-ovn.yaml
@@ -18,10 +18,14 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ OVNSouthboundServerPort:
+ description: Port of the OVN Southbound DB server
+ type: number
+ default: 6642
OVNDbConnectionTimeout:
description: Timeout in seconds for the OVSDB connection transaction
type: number
- default: 60
+ default: 180
OVNVifType:
description: Type of VIF to be used for ports
type: string
@@ -43,6 +47,10 @@ parameters:
description: OVN notification driver for Neutron QOS service plugin
type: string
default: NULL
+ NeutronGeneveMaxHeaderSize:
+ description: Geneve encapsulation header size
+ type: number
+ default: 38
resources:
@@ -61,10 +69,12 @@ outputs:
config_settings:
map_merge:
- get_attr: [NeutronMl2Base, role_data, config_settings]
- - neutron::plugins::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
- neutron::plugins::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode}
- neutron::plugins::ovn::ovn_l3_mode: true
- neutron::plugins::ovn::vif_type: {get_param: OVNVifType}
+ - ovn::southbound::port: {get_param: OVNSouthboundServerPort}
+ neutron::plugins::ml2::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
+ neutron::plugins::ml2::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode}
+ neutron::plugins::ml2::ovn::ovn_l3_mode: true
+ neutron::plugins::ml2::ovn::vif_type: {get_param: OVNVifType}
neutron::server::qos_notification_drivers: {get_param: OVNQosDriver}
+ neutron::plugins::ml2::max_header_size: {get_param: NeutronGeneveMaxHeaderSize}
step_config: |
include ::tripleo::profile::base::neutron::plugins::ml2
diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml
index 407ce6ba..3abd04f3 100644
--- a/puppet/services/neutron-plugin-ml2.yaml
+++ b/puppet/services/neutron-plugin-ml2.yaml
@@ -60,12 +60,6 @@ parameters:
default: 'vxlan'
description: The tenant network type for Neutron.
type: comma_delimited_list
- NeutronSupportedPCIVendorDevs:
- description: |
- List of supported pci vendor devices in the format VendorID:ProductID.
- By default Intel & Mellanox SR-IOV capable NICs are supported.
- type: comma_delimited_list
- default: ['15b3:1004','8086:10ca']
resources:
NeutronBase:
@@ -91,7 +85,9 @@ outputs:
neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges}
neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges}
neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType}
- neutron::plugins::ml2::supported_pci_vendor_devs: {get_param: NeutronSupportedPCIVendorDevs}
step_config: |
include ::tripleo::profile::base::neutron::plugins::ml2
+ service_config_settings:
+ horizon:
+ neutron::plugins::ml2::mechanism_drivers: {get_param: NeutronMechanismDrivers}
diff --git a/puppet/services/neutron-plugin-opencontrail.yaml b/puppet/services/neutron-plugin-opencontrail.yaml
deleted file mode 100644
index 976e5f19..00000000
--- a/puppet/services/neutron-plugin-opencontrail.yaml
+++ /dev/null
@@ -1,74 +0,0 @@
-heat_template_version: ocata
-
-description: >
- OpenStack Neutron Opencontrail plugin
-
-parameters:
- ServiceNetMap:
- default: {}
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry. This
- mapping overrides those in ServiceNetMapDefaults.
- type: json
- DefaultPasswords:
- default: {}
- type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- AdminPassword:
- description: The password for the keystone admin account, used for monitoring, querying neutron etc.
- type: string
- hidden: true
- AdminToken:
- description: The keystone auth secret and db password.
- type: string
- hidden: true
- ContrailApiServerIp:
- description: IP address of the OpenContrail API server
- type: string
- ContrailApiServerPort:
- description: Port of the OpenContrail API
- type: string
- default: 8082
- ContrailMultiTenancy:
- description: Whether to enable multi tenancy
- type: boolean
- default: false
- ContrailExtensions:
- description: List of OpenContrail extensions to be enabled
- type: comma_delimited_list
- default: ''
-
-resources:
-
- NeutronBase:
- type: ./neutron-base.yaml
- properties:
- ServiceNetMap: {get_param: ServiceNetMap}
- DefaultPasswords: {get_param: DefaultPasswords}
- EndpointMap: {get_param: EndpointMap}
-
-outputs:
- role_data:
- description: Role data for the Neutron Opencontrail plugin
- value:
- service_name: neutron_plugin_opencontrail
- config_settings:
- map_merge:
- - get_attr: [NeutronBase, role_data, config_settings]
- - neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions,/usr/lib/python2.7/site-packages/neutron_lbaas/extensions
-
- neutron::plugins::opencontrail::api_server_ip: {get_param: ContrailApiServerIp}
- neutron::plugins::opencontrail::api_server_port: {get_param: ContrailApiServerPort}
- neutron::plugins::opencontrail::multi_tenancy: {get_param: ContrailMultiTenancy}
- neutron::plugins::opencontrail::contrail_extensions: {get_param: ContrailExtensions}
- neutron::plugins::opencontrail::keystone_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri] }
- neutron::plugins::opencontrail::keystone_admin_user: admin
- neutron::plugins::opencontrail::keystone_admin_tenant_name: admin
- neutron::plugins::opencontrail::keystone_admin_password: {get_param: AdminPassword}
- neutron::plugins::opencontrail::keystone_admin_token: {get_param: AdminToken}
- step_config: |
- include tripleo::profile::base::neutron::plugins::opencontrail
diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml
index bd078074..ad1dcfb0 100644
--- a/puppet/services/neutron-plugin-plumgrid.yaml
+++ b/puppet/services/neutron-plugin-plumgrid.yaml
@@ -102,7 +102,7 @@ outputs:
- '/ovs_neutron'
- '?bind_address='
- "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
- neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneAdmin, host]}
+ neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneInternal, host]}
neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword}
neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron::plugins::plumgrid::director_server: {get_param: PLUMgridDirectorServer}
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
index 36ac3e08..d18b5b48 100644
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@@ -58,18 +58,24 @@ parameters:
default: 'public'
description: Default pool for floating IP addresses
type: string
+ NovaDbSyncTimeout:
+ default: 300
+ description: Timeout for Nova db sync
+ type: number
conditions:
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
resources:
- ApacheServiceBase:
- type: ./apache.yaml
- properties:
- ServiceNetMap: {get_param: ServiceNetMap}
- DefaultPasswords: {get_param: DefaultPasswords}
- EndpointMap: {get_param: EndpointMap}
- EnableInternalTLS: {get_param: EnableInternalTLS}
+ # Temporarily disable Nova API deployed in WSGI
+ # https://bugs.launchpad.net/nova/+bug/1661360
+ # ApacheServiceBase:
+ # type: ./apache.yaml
+ # properties:
+ # ServiceNetMap: {get_param: ServiceNetMap}
+ # DefaultPasswords: {get_param: DefaultPasswords}
+ # EndpointMap: {get_param: EndpointMap}
+ # EnableInternalTLS: {get_param: EnableInternalTLS}
NovaBase:
type: ./nova-base.yaml
@@ -90,7 +96,9 @@ outputs:
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- - get_attr: [ApacheServiceBase, role_data, config_settings]
+ # Temporarily disable Nova API deployed in WSGI
+ # https://bugs.launchpad.net/nova/+bug/1661360
+ # - get_attr: [ApacheServiceBase, role_data, config_settings]
- nova::cron::archive_deleted_rows::hour: '*/12'
nova::cron::archive_deleted_rows::destination: '/dev/null'
tripleo.nova_api.firewall_rules:
@@ -104,7 +112,7 @@ outputs:
nova::keystone::authtoken::project_name: 'service'
nova::keystone::authtoken::password: {get_param: NovaPassword}
nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
nova::api::enabled: true
nova::api::default_floating_pool: {get_param: NovaDefaultFloatingPool}
nova::api::sync_db_api: true
@@ -115,20 +123,23 @@ outputs:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
- nova::api::service_name: 'httpd'
- nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
+ # Temporarily disable Nova API deployed in WSGI
+ # https://bugs.launchpad.net/nova/+bug/1661360
+ nova_wsgi_enabled: false
+ # nova::api::service_name: 'httpd'
+ # nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
- nova::wsgi::apache_api::servername:
- str_replace:
- template:
- "%{hiera('fqdn_$NETWORK')}"
- params:
- $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ # nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ # nova::wsgi::apache_api::servername:
+ # str_replace:
+ # template:
+ # "%{hiera('fqdn_$NETWORK')}"
+ # params:
+ # $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
nova::api::instance_name_template: {get_param: InstanceNameTemplate}
nova_enable_db_purge: {get_param: NovaEnableDBPurge}
@@ -137,7 +148,9 @@ outputs:
- nova_workers_zero
- {}
- nova::api::osapi_compute_workers: {get_param: NovaWorkers}
- nova::wsgi::apache_api::workers: {get_param: NovaWorkers}
+ # Temporarily disable Nova API deployed in WSGI
+ # https://bugs.launchpad.net/nova/+bug/1661360
+ # nova::wsgi::apache_api::workers: {get_param: NovaWorkers}
step_config: |
include tripleo::profile::base::nova::api
service_config_settings:
@@ -165,3 +178,90 @@ outputs:
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
nova::keystone::auth::password: {get_param: NovaPassword}
nova::keystone::auth::region: {get_param: KeystoneRegion}
+ # Temporarily disable Nova API deployed in WSGI
+ # https://bugs.launchpad.net/nova/+bug/1661360
+ # metadata_settings:
+ # get_attr: [ApacheServiceBase, role_data, metadata_settings]
+ upgrade_tasks:
+ - name: get bootstrap nodeid
+ tags: common
+ command: hiera bootstrap_nodeid
+ register: bootstrap_node
+ - name: set is_bootstrap_node fact
+ tags: common
+ set_fact: is_bootstrap_node={{bootstrap_node.stdout == ansible_hostname}}
+ - name: Extra migration for nova tripleo/+bug/1656791
+ tags: step0,pre-upgrade
+ when: is_bootstrap_node
+ command: nova-manage db online_data_migrations
+ - name: update nova api
+ tags: step2
+ yum: name=openstack-nova-api state=latest
+ - name: Stop and disable nova_api service (pre-upgrade not under httpd)
+ tags: step2
+ service: name=openstack-nova-api state=stopped enabled=no
+ - name: Create puppet manifest to set transport_url in nova.conf
+ tags: step5
+ when: is_bootstrap_node
+ copy:
+ dest: /root/nova-api_upgrade_manifest.pp
+ mode: 0600
+ content: >
+ $transport_url = os_transport_url({
+ 'transport' => hiera('messaging_service_name', 'rabbit'),
+ 'hosts' => any2array(hiera('rabbitmq_node_names', undef)),
+ 'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ),
+ 'username' => hiera('nova::rabbit_userid', 'guest'),
+ 'password' => hiera('nova::rabbit_password'),
+ 'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0'))))
+ })
+ oslo::messaging::default { 'nova_config':
+ transport_url => $transport_url
+ }
+ - name: Run puppet apply to set tranport_url in nova.conf
+ tags: step5
+ when: is_bootstrap_node
+ command: puppet apply --detailed-exitcodes /root/nova-api_upgrade_manifest.pp
+ register: puppet_apply_nova_api_upgrade
+ failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2]
+ changed_when: puppet_apply_nova_api_upgrade.rc == 2
+ - name: Setup cell_v2 (map cell0)
+ tags: step5
+ when: is_bootstrap_node
+ command: nova-manage cell_v2 map_cell0
+ - name: Setup cell_v2 (create default cell)
+ tags: step5
+ when: is_bootstrap_node
+ # (owalsh) puppet-nova expects the cell name 'default'
+ # (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344
+ shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection)
+ register: nova_api_create_cell
+ failed_when: nova_api_create_cell.rc not in [0,2]
+ changed_when: nova_api_create_cell.rc == 0
+ - name: Setup cell_v2 (sync nova/cell DB)
+ tags: step5
+ when: is_bootstrap_node
+ command: nova-manage db sync
+ async: {get_param: NovaDbSyncTimeout}
+ poll: 10
+ - name: Setup cell_v2 (migrate hosts)
+ tags: step5
+ when: is_bootstrap_node
+ command: nova-manage cell_v2 map_cell_and_hosts
+ - name: Setup cell_v2 (get cell uuid)
+ tags: step5
+ when: is_bootstrap_node
+ shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}'
+ register: nova_api_cell_uuid
+ - name: Setup cell_v2 (migrate instances)
+ tags: step5
+ when: is_bootstrap_node
+ command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}}
+ - name: Sync nova_api DB
+ tags: step5
+ command: nova-manage api_db sync
+ when: is_bootstrap_node
+ - name: Online data migration for nova
+ tags: step5
+ when: is_bootstrap_node
+ command: nova-manage db online_data_migrations
diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml
index c448bf49..d892c36d 100644
--- a/puppet/services/nova-base.yaml
+++ b/puppet/services/nova-base.yaml
@@ -115,7 +115,11 @@ parameters:
description: >
Cron to move deleted instances to another table - Until complete
default: false
-
+ NovaPlacementAPIInterface:
+ type: string
+ description: >
+ Endpoint interface to be used for the placement API.
+ default: 'internal'
conditions:
@@ -134,8 +138,9 @@ outputs:
nova::rabbit_port: {get_param: RabbitClientPort}
nova::placement::project_name: 'service'
nova::placement::password: {get_param: NovaPassword}
- nova::placement::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ nova::placement::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
nova::placement::os_region_name: {get_param: KeystoneRegion}
+ nova::placement::os_interface: {get_param: NovaPlacementAPIInterface}
nova::database_connection:
list_join:
- ''
@@ -145,8 +150,6 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/nova'
- - '?bind_address='
- - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
nova::api_database_connection:
list_join:
- ''
@@ -156,8 +159,6 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/nova_api'
- - '?bind_address='
- - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
nova::placement_database_connection:
list_join:
- ''
@@ -167,12 +168,11 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/nova_placement'
- - '?bind_address='
- - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
nova::debug: {get_param: Debug}
nova::purge_config: {get_param: EnableConfigPurge}
nova::network::neutron::neutron_project_name: 'service'
nova::network::neutron::neutron_username: 'neutron'
+ nova::network::neutron::neutron_region_name: {get_param: KeystoneRegion}
nova::network::neutron::dhcp_domain: ''
nova::network::neutron::neutron_password: {get_param: NeutronPassword}
nova::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index 2312b635..9923e833 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -75,6 +75,10 @@ parameters:
default:
tag: openstack.nova.compute
path: /var/log/nova/nova-compute.log
+ UpgradeLevelNovaCompute:
+ type: string
+ description: Nova Compute upgrade level
+ default: auto
resources:
NovaBase:
@@ -141,3 +145,24 @@ outputs:
# We'll probably treat it like we do with Neutron plugins.
# Until then, just include it in the default nova-compute role.
include tripleo::profile::base::nova::compute::libvirt
+ service_config_settings:
+ collectd:
+ tripleo.collectd.plugins.nova_compute:
+ - virt
+ collectd::plugins::virt::connection: "qemu:///system"
+ upgrade_tasks:
+ - name: Stop nova-compute service
+ tags: step2
+ service: name=openstack-nova-compute state=stopped
+ # If not already set by puppet (e.g a pre-ocata version), set the
+ # upgrade_level for compute to "auto"
+ - name: Set compute upgrade level to auto
+ tags: step3
+ ini_file:
+ str_replace:
+ template: "dest=/etc/nova/nova.conf section=upgrade_levels option=compute value=LEVEL"
+ params:
+ LEVEL: {get_param: UpgradeLevelNovaCompute}
+ - name: Start nova-compute service
+ tags: step6
+ service: name=openstack-nova-compute state=started
diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml
index b96bf6e6..7b086536 100644
--- a/puppet/services/nova-conductor.yaml
+++ b/puppet/services/nova-conductor.yaml
@@ -30,6 +30,10 @@ parameters:
default:
tag: openstack.nova.scheduler
path: /var/log/nova/nova-scheduler.log
+ UpgradeLevelNovaCompute:
+ type: string
+ description: Nova Compute upgrade level
+ default: auto
conditions:
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
@@ -61,3 +65,19 @@ outputs:
- nova::conductor::workers: {get_param: NovaWorkers}
step_config: |
include tripleo::profile::base::nova::conductor
+ upgrade_tasks:
+ - name: Stop nova_conductor service
+ tags: step2
+ service: name=openstack-nova-conductor state=stopped
+ - name: update nova conductor
+ tags: step2
+ yum: name=openstack-nova-conductor state=latest
+ # If not already set by puppet (e.g a pre-ocata version), set the
+ # upgrade_level for compute to "auto"
+ - name: Set compute upgrade level to auto
+ tags: step3
+ ini_file:
+ str_replace:
+ template: "dest=/etc/nova/nova.conf section=upgrade_levels option=compute value=LEVEL"
+ params:
+ LEVEL: {get_param: UpgradeLevelNovaCompute}
diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml
index 79969ded..b5a1312a 100644
--- a/puppet/services/nova-consoleauth.yaml
+++ b/puppet/services/nova-consoleauth.yaml
@@ -48,3 +48,7 @@ outputs:
get_attr: [NovaBase, role_data, config_settings]
step_config: |
include tripleo::profile::base::nova::consoleauth
+ upgrade_tasks:
+ - name: Stop nova_consoleauth service
+ tags: step2
+ service: name=openstack-nova-consoleauth state=stopped
diff --git a/puppet/services/nova-ironic.yaml b/puppet/services/nova-ironic.yaml
index 306c6b6f..5eb2170a 100644
--- a/puppet/services/nova-ironic.yaml
+++ b/puppet/services/nova-ironic.yaml
@@ -42,10 +42,10 @@ outputs:
- nova::compute::force_config_drive: true
nova::compute::reserved_host_memory: '0'
nova::compute::vnc_enabled: false
- nova::ironic::common::admin_password: {get_param: IronicPassword}
- nova::ironic::common::admin_tenant_name: 'service'
- nova::ironic::common::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri]}
- nova::ironic::common::admin_username: 'ironic'
+ nova::ironic::common::password: {get_param: IronicPassword}
+ nova::ironic::common::project_name: 'service'
+ nova::ironic::common::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ nova::ironic::common::username: 'ironic'
nova::ironic::common::api_endpoint: {get_param: [EndpointMap, IronicInternal, uri]}
nova::network::neutron::dhcp_domain: ''
nova::scheduler::filter::scheduler_host_manager: 'ironic_host_manager'
diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
index a9b2b3f9..faf1ae48 100644
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@@ -62,6 +62,7 @@ outputs:
nova::compute::libvirt::qemu::configure_qemu: true
nova::compute::libvirt::qemu::max_files: 32768
nova::compute::libvirt::qemu::max_processes: 131072
+ nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
tripleo.nova_libvirt.firewall_rules:
'200 nova_libvirt':
dport:
diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml
index 82b83561..5564c1b3 100644
--- a/puppet/services/nova-placement.yaml
+++ b/puppet/services/nova-placement.yaml
@@ -86,13 +86,13 @@ outputs:
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- nova::wsgi::apache_placement::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ nova::wsgi::apache_placement::bind_host: {get_param: [ServiceNetMap, NovaPlacementNetwork]}
nova::wsgi::apache_placement::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
- $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ $NETWORK: {get_param: [ServiceNetMap, NovaPlacementNetwork]}
-
if:
- nova_workers_zero
@@ -118,3 +118,7 @@ outputs:
nova::db::mysql_placement::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+ upgrade_tasks:
+ - name: Stop nova_placement service (running under httpd)
+ tags: step2
+ service: name=httpd state=stopped
diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml
index 353a75ac..0e0b9d1e 100644
--- a/puppet/services/nova-scheduler.yaml
+++ b/puppet/services/nova-scheduler.yaml
@@ -63,3 +63,10 @@ outputs:
nova::scheduler::filter::scheduler_default_filters: {get_param: NovaSchedulerDefaultFilters}
step_config: |
include tripleo::profile::base::nova::scheduler
+ upgrade_tasks:
+ - name: Stop nova_scheduler service
+ tags: step2
+ service: name=openstack-nova-scheduler state=stopped
+ - name: update nova scheduler
+ tags: step2
+ yum: name=openstack-nova-scheduler state=latest
diff --git a/puppet/services/nova-vnc-proxy.yaml b/puppet/services/nova-vnc-proxy.yaml
index bf244943..f6cf9649 100644
--- a/puppet/services/nova-vnc-proxy.yaml
+++ b/puppet/services/nova-vnc-proxy.yaml
@@ -64,3 +64,7 @@ outputs:
- 13080
step_config: |
include tripleo::profile::base::nova::vncproxy
+ upgrade_tasks:
+ - name: Stop nova_vnc_proxy service
+ tags: step2
+ service: name=openstack-nova-consoleauth state=stopped
diff --git a/puppet/services/octavia-api.yaml b/puppet/services/octavia-api.yaml
new file mode 100644
index 00000000..37ba1f73
--- /dev/null
+++ b/puppet/services/octavia-api.yaml
@@ -0,0 +1,99 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Octavia API service.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ OctaviaPassword:
+ description: The password for the Octavia's database account.
+ type: string
+ hidden: true
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ MonitoringSubscriptionOctaviaApi:
+ default: 'overcloud-octavia-api'
+ type: string
+ OctaviaApiLoggingSource:
+ type: json
+ default:
+ tag: openstack.octavia.api
+ path: /var/log/octavia/api.log
+
+resources:
+
+ OctaviaBase:
+ type: ./octavia-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Octavia API service.
+ value:
+ service_name: octavia_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaApi}
+ logging_source: {get_param: OctaviaApiLoggingSource}
+ logging_groups:
+ - octavia
+ config_settings:
+ map_merge:
+ - get_attr: [OctaviaBase, role_data, config_settings]
+ - octavia::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ octavia::db::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://octavia:'
+ - {get_param: OctaviaPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/octavia'
+ - '?bind_address='
+ - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
+ octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ octavia::keystone::authtoken::project_name: 'service'
+ octavia::keystone::authtoken::password: {get_param: OctaviaPassword}
+ octavia::api::sync_db: true
+ tripleo.octavia_api.firewall_rules:
+ '120 octavia api':
+ dport:
+ - 9876
+ - 13876
+ octavia::api::host: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
+ neutron::server::service_providers: ['LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default']
+ step_config: |
+ include tripleo::profile::base::octavia::api
+ service_config_settings:
+ keystone:
+ octavia::keystone::auth::tenant: 'service'
+ octavia::keystone::auth::public_url: {get_param: [EndpointMap, OctaviaPublic, uri]}
+ octavia::keystone::auth::internal_url: { get_param: [ EndpointMap, OctaviaInternal, uri ] }
+ octavia::keystone::auth::admin_url: { get_param: [ EndpointMap, OctaviaAdmin, uri ] }
+ octavia::keystone::auth::password: {get_param: OctaviaPassword}
+ octavia::keystone::auth::region: {get_param: KeystoneRegion}
+ mysql:
+ octavia::db::mysql::password: {get_param: OctaviaPassword}
+ octavia::db::mysql::user: octavia
+ octavia::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ octavia::db::mysql::dbname: octavia
+ octavia::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/octavia-base.yaml b/puppet/services/octavia-base.yaml
new file mode 100644
index 00000000..b537a2bc
--- /dev/null
+++ b/puppet/services/octavia-base.yaml
@@ -0,0 +1,62 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Octavia base service. Shared for all Octavia services
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ Debug:
+ type: string
+ default: ''
+ description: Set to True to enable debugging on all services.
+ EnableConfigPurge:
+ type: boolean
+ default: true
+ description: >
+ Remove configuration that is not generated by TripleO. Setting
+ to false may result in configuration remnants after updates/upgrades.
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+
+outputs:
+ role_data:
+ description: Base role data for Octavia services
+ value:
+ service_name: octavia_base
+ config_settings:
+ octavia::debug: {get_param: Debug}
+ octavia::purge_config: {get_param: EnableConfigPurge}
+ octavia::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ tripleo::profile::base::octavia::rabbit_user: {get_param: RabbitUserName}
+ tripleo::profile::base::octavia::rabbit_password: {get_param: RabbitPassword}
+ tripleo::profile::base::octavia::rabbit_port: {get_param: RabbitClientPort}
+
diff --git a/puppet/services/octavia-health-manager.yaml b/puppet/services/octavia-health-manager.yaml
new file mode 100644
index 00000000..51d32f23
--- /dev/null
+++ b/puppet/services/octavia-health-manager.yaml
@@ -0,0 +1,61 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Octavia Health Manager service.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionOctaviaHealthManager:
+ default: 'overcloud-octavia-health-manager'
+ type: string
+ OctaviaHealthManagerLoggingSource:
+ type: json
+ default:
+ tag: openstack.octavia.health-manager
+ path: /var/log/octavia/health-manager.log
+ OctaviaHeartbeatKey:
+ type: string
+ description: Key to identify heartbeat messages for amphorae.
+ hidden: true
+
+resources:
+
+ OctaviaBase:
+ type: ./octavia-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Octavia Health Manager service.
+ value:
+ service_name: octavia_health_manager
+ monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaHealthManager}
+ logging_source: {get_param: OctaviaHealthManagerLoggingSource}
+ logging_groups:
+ - octavia
+ config_settings:
+ map_merge:
+ - get_attr: [OctaviaBase, role_data, config_settings]
+ - octavia::health_manager::heartbeat_key: {get_param: OctaviaHeartbeatKey}
+ octavia::health_manager::event_streamer_driver: 'queue_event_streamer'
+ step_config: |
+ include tripleo::profile::base::octavia::health_manager
+
+
+
diff --git a/puppet/services/octavia-housekeeping.yaml b/puppet/services/octavia-housekeeping.yaml
new file mode 100644
index 00000000..84c33433
--- /dev/null
+++ b/puppet/services/octavia-housekeeping.yaml
@@ -0,0 +1,70 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Octavia Housekeeping service.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ OctaviaAmphoraExpiryAge:
+ default: 0
+ description: The interval in seconds after which an unused Amphora will
+ be considered expired and cleaned up. If left to 0, the
+ configuration will not be set and the system will use
+ the service defaults.
+ type: number
+ MonitoringSubscriptionOctaviaHousekeeping:
+ default: 'overcloud-octavia-housekeeping'
+ type: string
+ OctaviaHousekeepingLoggingSource:
+ type: json
+ default:
+ tag: openstack.octavia.housekeeping
+ path: /var/log/octavia/housekeeping.log
+
+conditions:
+ amphora_expiry_is_zero: {equals: [{get_param: OctaviaAmphoraExpiryAge}, 0]}
+
+
+resources:
+
+ OctaviaBase:
+ type: ./octavia-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Octavia Housekeeping service.
+ value:
+ service_name: octavia_housekeeping
+ monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaHousekeeping}
+ logging_source: {get_param: OctaviaHousekeepingLoggingSource}
+ logging_groups:
+ - octavia
+ config_settings:
+ map_merge:
+ - get_attr: [OctaviaBase, role_data, config_settings]
+ -
+ if:
+ - amphora_expiry_is_zero
+ - {}
+ - octavia::worker::amphora_expiry_age: {get_param: OctaviaAmphoraExpiryAge}
+ step_config: |
+ include tripleo::profile::base::octavia::housekeeping
+
+
diff --git a/puppet/services/octavia-worker.yaml b/puppet/services/octavia-worker.yaml
new file mode 100644
index 00000000..9212b76b
--- /dev/null
+++ b/puppet/services/octavia-worker.yaml
@@ -0,0 +1,102 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Octavia Worker service.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionOctaviaWorker:
+ default: 'overcloud-octavia-worker'
+ type: string
+ OctaviaWorkerLoggingSource:
+ type: json
+ default:
+ tag: openstack.octavia.worker
+ path: /var/log/octavia/worker.log
+ OctaviaAmphoraImageTag:
+ default: ''
+ description: Glance image tag for identifying the amphora image.
+ type: string
+ OctaviaAmphoraNetworkList:
+ default: []
+ description: List of networks to attach to amphorae.
+ type: comma_delimited_list
+ OctaviaLoadBalancerTopology:
+ default: ''
+ description: Load balancer topology configuration.
+ type: string
+ OctaviaFlavorId:
+ default: 65
+ description: Nova flavor ID to be used when creating the nova flavor for
+ amphora.
+ type: number
+ OctaviaFlavorProperties:
+ default: {}
+ description: Dictionary describing the nova flavor for amphora.
+ type: json
+ OctaviaManageNovaFlavor:
+ default: false
+ description: Configure the nova flavor for the amphora.
+ type: boolean
+ OctaviaSSHKeyName:
+ default: 'octavia-ssh-key'
+ description: name for ssh key to be configured so the amphora can
+ be logged into.
+ type: string
+
+conditions:
+ octavia_topology_unset: {equals : [{get_param: OctaviaLoadBalancerTopology}, ""]}
+ octavia_amphora_tag_unset: {equals: [{get_param: OctaviaAmphoraImageTag}, ""]}
+
+resources:
+
+ OctaviaBase:
+ type: ./octavia-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Octavia WoWorker service.
+ value:
+ service_name: octavia_worker
+ monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaWorker}
+ logging_source: {get_param: OctaviaWorkerLoggingSource}
+ logging_groups:
+ -octavia
+ config_settings:
+ map_merge:
+ - get_attr: [OctaviaBase, role_data, config_settings]
+ - octavia::worker::amp_boot_network_list: {get_param: OctaviaAmphoraNetworkList}
+ octavia::worker::amp_flavor_id: {get_param: OctaviaFlavorId}
+ octavia::worker::nova_flavor_config: {get_param: OctaviaFlavorProperties}
+ octavia::worker::manage_nova_flavor: {get_param: OctaviaManageNovaFlavor}
+ octavia::worker::ssh_key_name: {get_param: OctaviaSSHKeyName}
+ -
+ if:
+ - octavia_amphora_tag_unset
+ - {}
+ - octavia::worker::amp_image_tag: {get_param: OctaviaAmphoraImageTag}
+ -
+ if:
+ - octavia_topology_unset
+ - {}
+ - octavia::worker::loadbalancer_topology: {get_param: OctaviaLoadBalancerTopology}
+ step_config: |
+ include tripleo::profile::base::octavia::worker
+
diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml
index 9adf1bdb..ca21cfbe 100644
--- a/puppet/services/pacemaker.yaml
+++ b/puppet/services/pacemaker.yaml
@@ -29,11 +29,22 @@ parameters:
default: false
description: Whether to enable fencing in Pacemaker or not.
type: boolean
+ PacemakerRemoteAuthkey:
+ type: string
+ description: The authkey for the pacemaker remote service.
+ hidden: true
+ default: ''
PcsdPassword:
type: string
description: The password for the 'pcsd' user for pacemaker.
hidden: true
default: ''
+ CorosyncSettleTries:
+ type: number
+ description: Number of tries for cluster settling. This has the
+ same default as the pacemaker puppet module. Override
+ to a smaller value when in need to replace a controller node.
+ default: 360
FencingConfig:
default: {}
description: |
@@ -76,6 +87,10 @@ parameters:
\[(?<pid>[^ ]*)\]
(?<host>[^ ]*)
(?<message>.*)$/
+ PacemakerResources:
+ type: comma_delimited_list
+ description: List of resources managed by pacemaker
+ default: ['rabbitmq','haproxy']
outputs:
role_data:
@@ -92,6 +107,7 @@ outputs:
pacemaker::resource_defaults::defaults:
resource-stickiness: { value: INFINITY }
corosync_token_timeout: 10000
+ pacemaker::corosync::settle_tries: {get_param: CorosyncSettleTries}
tripleo.pacemaker.firewall_rules:
'130 pacemaker tcp':
proto: 'tcp'
@@ -112,5 +128,20 @@ outputs:
passwords:
- {get_param: PcsdPassword}
- {get_param: [DefaultPasswords, pcsd_password]}
+ tripleo::profile::base::pacemaker::remote_authkey: {get_param: PacemakerRemoteAuthkey}
step_config: |
include ::tripleo::profile::base::pacemaker
+ upgrade_tasks:
+ - name: Check pacemaker cluster running before upgrade
+ tags: step0,validation
+ pacemaker_cluster: state=online check_and_fail=true
+ - name: Stop pacemaker cluster
+ tags: step1
+ pacemaker_cluster: state=offline
+ - name: Start pacemaker cluster
+ tags: step4
+ pacemaker_cluster: state=online
+ - name: Check pacemaker resource
+ tags: step4
+ pacemaker_resource: state=started resource={{item}} check_mode=true wait_for_resource=true timeout=200
+ with_items: {get_param: PacemakerResources}
diff --git a/puppet/services/pacemaker/ceph-rbdmirror.yaml b/puppet/services/pacemaker/ceph-rbdmirror.yaml
new file mode 100644
index 00000000..7686028d
--- /dev/null
+++ b/puppet/services/pacemaker/ceph-rbdmirror.yaml
@@ -0,0 +1,47 @@
+heat_template_version: ocata
+
+description: >
+ Ceph RBD mirror service.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ CephClientUserName:
+ default: openstack
+ type: string
+
+resources:
+ CephBase:
+ type: ../ceph-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Ceph RBD mirrror service.
+ value:
+ service_name: ceph_rbdmirror
+ config_settings:
+ map_merge:
+ - get_attr: [CephBase, role_data, config_settings]
+ - tripleo::profile::pacemaker::ceph::rbdmirror::client_name: {get_param: CephClientUserName}
+ tripleo.ceph_rbdmirror.firewall_rules:
+ '113 ceph_rbdmirror':
+ dport:
+ - '6800-7300'
+ step_config: |
+ include ::tripleo::profile::pacemaker::ceph::rbdmirror \ No newline at end of file
diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml
index 511a01ab..93bf5967 100644
--- a/puppet/services/pacemaker/database/mysql.yaml
+++ b/puppet/services/pacemaker/database/mysql.yaml
@@ -53,6 +53,8 @@ outputs:
get_param: [ServiceNetMap, MysqlNetwork]
step_config: |
include ::tripleo::profile::pacemaker::database::mysql
+ metadata_settings:
+ get_attr: [MysqlBase, role_data, metadata_settings]
upgrade_tasks:
- name: Check for galera root password
tags: step0
diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml
index 50da4119..598deaef 100644
--- a/puppet/services/pacemaker/haproxy.yaml
+++ b/puppet/services/pacemaker/haproxy.yaml
@@ -40,3 +40,5 @@ outputs:
tripleo::haproxy::mysql_clustercheck: true
step_config: |
include ::tripleo::profile::pacemaker::haproxy
+ metadata_settings:
+ get_attr: [LoadbalancerServiceBase, role_data, metadata_settings]
diff --git a/puppet/services/pacemaker_remote.yaml b/puppet/services/pacemaker_remote.yaml
new file mode 100644
index 00000000..daee43e6
--- /dev/null
+++ b/puppet/services/pacemaker_remote.yaml
@@ -0,0 +1,57 @@
+heat_template_version: ocata
+
+description: >
+ Pacemaker remote service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ PacemakerRemoteAuthkey:
+ type: string
+ description: The authkey for the pacemaker remote service.
+ hidden: true
+ default: ''
+ MonitoringSubscriptionPacemakerRemote:
+ default: 'overcloud-pacemaker_remote'
+ type: string
+ PacemakerRemoteLoggingSource:
+ type: json
+ default:
+ tag: system.pacemaker_remote
+ path: /var/log/pacemaker.log
+ format: >-
+ /^(?<time>[^ ]*\s*[^ ]* [^ ]*)
+ \[(?<pid>[^ ]*)\]
+ (?<host>[^ ]*)
+ (?<message>.*)$/
+
+outputs:
+ role_data:
+ description: Role data for the Pacemaker remote role.
+ value:
+ service_name: pacemaker_remote
+ monitoring_subscription: {get_param: MonitoringSubscriptionPacemakerRemote}
+ logging_groups:
+ - haclient
+ logging_source: {get_param: PacemakerRemoteLoggingSource}
+ config_settings:
+ tripleo.pacemaker_remote.firewall_rules:
+ '130 pacemaker_remote tcp':
+ proto: 'tcp'
+ dport:
+ - 3121
+ tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey}
+ step_config: |
+ include ::tripleo::profile::base::pacemaker_remote
diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml
index 06284fb2..4b74ad45 100644
--- a/puppet/services/panko-api.yaml
+++ b/puppet/services/panko-api.yaml
@@ -82,3 +82,5 @@ outputs:
get_attr: [PankoBase, role_data, service_config_settings]
step_config: |
include tripleo::profile::base::panko::api
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml
index 6e25d796..2c2586af 100644
--- a/puppet/services/panko-base.yaml
+++ b/puppet/services/panko-base.yaml
@@ -53,7 +53,7 @@ outputs:
panko::keystone::authtoken::project_name: 'service'
panko::keystone::authtoken::password: {get_param: PankoPassword}
panko::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::auth::auth_password: {get_param: PankoPassword}
panko::auth::auth_region: 'regionOne'
panko::auth::auth_tenant_name: 'service'
diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml
index 9e494385..8573ea81 100644
--- a/puppet/services/sahara-api.yaml
+++ b/puppet/services/sahara-api.yaml
@@ -90,3 +90,7 @@ outputs:
sahara::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+ upgrade_tasks:
+ - name: Stop sahara_api service
+ tags: step2
+ service: name=openstack-sahara-api state=stopped
diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml
index b4307053..e2084186 100644
--- a/puppet/services/sahara-base.yaml
+++ b/puppet/services/sahara-base.yaml
@@ -73,7 +73,7 @@ outputs:
sahara::debug: {get_param: Debug}
sahara::admin_password: {get_param: SaharaPassword}
sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ sahara::identity_uri: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
sahara::use_neutron: true
sahara::plugins: {get_param: SaharaPlugins}
sahara::rpc_backend: rabbit
diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml
index a1521c28..987fe25b 100644
--- a/puppet/services/sahara-engine.yaml
+++ b/puppet/services/sahara-engine.yaml
@@ -49,3 +49,10 @@ outputs:
- get_attr: [SaharaBase, role_data, config_settings]
step_config: |
include ::tripleo::profile::base::sahara::engine
+ upgrade_tasks:
+ - name: Stop sahara_engine service
+ tags: step2
+ service: name=openstack-sahara-engine state=stopped
+ - name: Sync sahara_engine DB
+ tags: step5
+ command: sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head
diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml
index 90268c78..80da5352 100644
--- a/puppet/services/services.yaml
+++ b/puppet/services/services.yaml
@@ -118,4 +118,9 @@ outputs:
# Note we use distinct() here to filter any identical tasks, e.g yum update for all services
expression: $.data.where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct()
data: {get_attr: [ServiceChain, role_data]}
+ upgrade_batch_tasks:
+ yaql:
+ # Note we use distinct() here to filter any identical tasks, e.g yum update for all services
+ expression: $.data.where($ != null).select($.get('upgrade_batch_tasks')).where($ != null).flatten().distinct()
+ data: {get_attr: [ServiceChain, role_data]}
service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]}
diff --git a/puppet/services/snmp.yaml b/puppet/services/snmp.yaml
index be9d143e..fd6ed818 100644
--- a/puppet/services/snmp.yaml
+++ b/puppet/services/snmp.yaml
@@ -43,3 +43,7 @@ outputs:
proto: 'udp'
step_config: |
include ::tripleo::profile::base::snmp
+ upgrade_tasks:
+ - name: Stop snmp service
+ tags: step2
+ service: name=snmpd state=stopped
diff --git a/puppet/services/neutron-compute-plugin-opencontrail.yaml b/puppet/services/sshd.yaml
index bbe4a051..41e144a0 100644
--- a/puppet/services/neutron-compute-plugin-opencontrail.yaml
+++ b/puppet/services/sshd.yaml
@@ -1,7 +1,7 @@
heat_template_version: ocata
description: >
- OpenStack Neutron Compute OpenContrail plugin
+ Configure sshd_config
parameters:
ServiceNetMap:
@@ -18,12 +18,17 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ BannerText:
+ default: ''
+ description: Configures Banner text in sshd_config
+ type: string
outputs:
role_data:
- description: Role data for the Neutron Compute OpenContrail plugin
+ description: Role data for the ssh
value:
- service_name: neutron_compute_plugin_opencontrail
+ service_name: sshd
config_settings:
+ BannerText: {get_param: BannerText}
step_config: |
- include ::tripleo::profile::base::neutron::opencontrail::vrouter
+ include ::tripleo::profile::base::sshd
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index 62d227a2..526fa888 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -57,6 +57,12 @@ parameters:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
conditions:
@@ -81,7 +87,7 @@ outputs:
- get_attr: [SwiftBase, role_data, config_settings]
- swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
swift::proxy::authtoken::password: {get_param: SwiftPassword}
swift::proxy::authtoken::project_name: 'service'
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
@@ -91,6 +97,7 @@ outputs:
swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
swift::proxy::ceilometer::nonblocking_notify: true
tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort}
+ tripleo::profile::base::swift::proxy::ceilometer_messaging_use_ssl: {get_param: RabbitClientUseSSL}
tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled}
tripleo.swift_proxy.firewall_rules:
'122 swift proxy':
diff --git a/puppet/services/swift-ringbuilder.yaml b/puppet/services/swift-ringbuilder.yaml
index a7ba7bad..2e3c818f 100644
--- a/puppet/services/swift-ringbuilder.yaml
+++ b/puppet/services/swift-ringbuilder.yaml
@@ -43,6 +43,16 @@ parameters:
description: 'Use a local directory for Swift storage services when building rings'
type: boolean
+conditions:
+ swift_use_local_dir:
+ and:
+ - equals:
+ - get_param: SwiftUseLocalDir
+ - true
+ - equals:
+ - get_param: SwiftRawDisks
+ - {}
+
outputs:
role_data:
description: Role data for Swift Ringbuilder configuration.
@@ -59,7 +69,7 @@ outputs:
expression: $.data.raw_disk_lists.flatten()
data:
raw_disk_lists:
- - {if: [{get_param: SwiftUseLocalDir}, [':%PORT%/d1'], []]}
+ - {if: [swift_use_local_dir, [':%PORT%/d1'], []]}
- repeat:
template: ':%PORT%/DEVICE'
for_each:
diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml
index 08df928d..247b23ff 100644
--- a/puppet/services/swift-storage.yaml
+++ b/puppet/services/swift-storage.yaml
@@ -56,6 +56,17 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
+conditions:
+ swift_mount_check:
+ or:
+ - equals:
+ - get_param: SwiftMountCheck
+ - true
+ - not:
+ equals:
+ - get_param: SwiftRawDisks
+ - {}
+
outputs:
role_data:
description: Role data for the Swift Proxy role.
@@ -65,7 +76,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [SwiftBase, role_data, config_settings]
- - swift::storage::all::mount_check: {get_param: SwiftMountCheck}
+ - swift::storage::all::mount_check: {if: [swift_mount_check, true, false]}
tripleo::profile::base::swift::storage::enable_swift_storage: {get_param: ControllerEnableSwiftStorage}
tripleo.swift_storage.firewall_rules:
'123 swift storage':
diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml
new file mode 100644
index 00000000..5cf09a6d
--- /dev/null
+++ b/puppet/services/tacker.yaml
@@ -0,0 +1,91 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Tacker service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ TackerPassword:
+ description: The password for the tacker service account.
+ type: string
+ hidden: true
+ Debug:
+ type: string
+ default: ''
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+
+outputs:
+ role_data:
+ description: Role data for the Tacker role.
+ value:
+ service_name: tacker
+ config_settings:
+ tacker_password: {get_param: TackerPassword}
+ tacker::db::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://tacker:'
+ - {get_param: TackerPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/tacker'
+ - '?bind_address='
+ - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
+
+ tacker::keystone::auth::tenant: 'service'
+ tacker::keystone::auth::password: {get_param: TackerPassword}
+ tacker::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ tacker::debug: {get_param: Debug}
+ tacker::rpc_backend: rabbit
+ tacker::rabbit_userid: {get_param: RabbitUserName}
+ tacker::rabbit_password: {get_param: RabbitPassword}
+ tacker::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ tacker::rabbit_port: {get_param: RabbitClientPort}
+ tacker::server::bind_host: {get_param: [ServiceNetMap, TackerApiNetwork]}
+
+ tacker::db::mysql::password: {get_param: TackerPassword}
+ tacker::db::mysql::user: tacker
+ tacker::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ tacker::db::mysql::dbname: tacker
+ tacker::db::mysql::allowed_hosts:
+ - '%'
+ - {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+
+
+ step_config: |
+ include ::tripleo::profile::base::tacker
diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml
index 0224ac13..cb860fa8 100644
--- a/puppet/services/zaqar.yaml
+++ b/puppet/services/zaqar.yaml
@@ -40,7 +40,7 @@ outputs:
config_settings:
zaqar::keystone::authtoken::password: {get_param: ZaqarPassword}
zaqar::keystone::authtoken::project_name: 'service'
- zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
zaqar::debug: {get_param: Debug}
zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]}
diff --git a/puppet/upgrade_config.yaml b/puppet/upgrade_config.yaml
index e892d813..2cfd43f4 100644
--- a/puppet/upgrade_config.yaml
+++ b/puppet/upgrade_config.yaml
@@ -11,6 +11,11 @@ parameters:
type: string
description: Step number of the upgrade
+ SkipUpgradeConfigTags:
+ type: comma_delimited_list
+ description: Ansible tags to skip during upgrade, e.g validation skips pre-upgrade validations
+ default: []
+
resources:
AnsibleConfig:
@@ -30,9 +35,13 @@ resources:
properties:
group: ansible
options:
+ skip_tags:
+ list_join:
+ - ","
+ - {get_param: SkipUpgradeConfigTags}
tags:
str_replace:
- template: "stepSTEP"
+ template: "common,stepSTEP"
params:
STEP: {get_param: step}
modulepath: /usr/share/ansible-modules
diff --git a/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml b/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml
new file mode 100644
index 00000000..f9afb18d
--- /dev/null
+++ b/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml
@@ -0,0 +1,125 @@
+---
+prelude: >
+ 6.0.0 is the final release for Ocata.
+ It's the first release where release notes are added.
+features:
+ - Fujitsu Neutron plugin for FOS support. Users can deploy
+ Neutron with this plugin by using
+ environments/neutron-ml2-fujitsu-fossw.yaml environment file.
+ - Expose InstanceDiscoveryMethod parameter to configure Ceilometer
+ method used to discover instances running on compute node.
+ Default value to 'libvirt_metadata'. Allowed values are 'naive',
+ 'libvirt_metadata' and 'workload_partitioning'.
+ - Make ServiceNetMap support custom network names.
+ Note that operators will still be expected to pass any ServiceNetMap
+ overrides with the "new" network name, e.g whatever NetName specifies,
+ otherwise environment files could get very confusing.
+ - Nova Placement API support. As this new service is required, deploy it
+ by default in WSGI with Apache, like other API services.
+ - Cinder pass-through iSER backend support.
+ - etcd composable services, used by networking-vpp ML2 driver as the
+ messaging mechanism.
+ - Allow to configure cron parameters for Cinder, Heat, Keystone and Nova
+ crontabs.
+ - Export NovaDefaultFloatingPool parameter to configure the default pool
+ of floating IP addressed available. Default to 'public' for backward
+ compatibility.
+ - Bump Heat Templates to 'ocata' version, to match Heat requirements.
+ - Configure OVS agent firewall driver only if NeutronOVSFirewallDriver
+ is set.
+ - Expose RbdDefaultFeatures parameter to configure the default features
+ enabled when creating a block device image.
+ Only applies to format '2' images. Set to '1' for Jewel clients using
+ older Ceph servers.
+ - Cinder HPELeftHandISCSIDriver backend support.
+ - Pacemaker stopped to manage Ceilometer, Cinder API,
+ Cinder Scheduler, MongoDB, Glance, Gnocchi, Heat, Apache, Memcached,
+ Neutron, Nova and Sahara.
+ - Ceph MDS service support. Service can be enable with
+ environments/services/ceph-mds.yaml environment file.
+ - Expose HeatConvergenceEngine and HeatMaxResourcesPerStack parameters
+ to configure Heat.
+ - Add pre-network hook and example showing config-then-reboot.
+ - Expose LibvirtEnabledPerfEvents parameter in Nova Compute service.
+ Default to an empty array.
+ This is a performance event list which could be used as monitor.
+ - Increase libvirt/qemu.conf max_files to 32768 and max_processes to
+ 131072.
+ - Split OVN northd and ml2 plugin, so we can deploy OVNDBs and Northd
+ services on different nodes.
+ - Add hook to generate metadata from service profiles.
+ This is useful for nova vendordata plugins that can parse said metadata.
+ - Expose EventPipelinePublishers to Ceilometer and set the default to
+ 'notifier://?topic=alarm.all'.
+ - Add Panko service support. This service is not enabled by default. Use
+ environments/services/enable-panko.yaml to include it in your deployment.
+ - Add EC2-API composable service support.
+ - Allow dnsmasq_dns_servers to be configured for Neutron DHCP Agent with a
+ new parameter (NeutronDhcpAgentDnsmasqDnsServers, default to []).
+ - Add support for Ceph RBD mirroring daemon managed by Pacemaker.
+ - Add deployed server bootstrap for RHEL.
+ - Configure VNC Server listen address on internal_api network by default.
+ - Support for Cinder Dell EMC PS Series.
+ - Support for Cinder Dell EMC EMC Storage Center.
+ - Support for Octavia composable services for LBaaS with Neutron.
+ - Support for Collectd composable services for performance monitoring.
+ - Support for Tacker composable service for VNF management.
+upgrade:
+ - Update OpenDaylight deployment to use networking-odl v2 as a mechanism
+ driver.
+ - Update Contrail composable services.
+deprecations:
+ - Glance Registry service has been removed and Glance API v2 is now deploy
+ by default. Glance API v1 is not supported anymore in TripleO.
+ - Remove CeilometerStoreEvents parameter, which has been removed
+ in Ceilometer.
+ - Ceilometer API service is deprecated and will be removed in a future
+ release. If you would like to disable it, use
+ environments/services/disable-ceilometer-api.yaml environment file.
+ - Removes deprecated OpenDaylight L2 only deployments.
+ Deploying ODL without L3 DVR is no longer supported.
+security:
+ - Enable management of 'DISALLOW_IFRAME_EMBED' in Horizon configuration to
+ prevent dashboard being embedded within an iframe and exposed to Cross-Frame
+ Scripting (XFS) vulnerability on legacy browsers.
+ - Enable management of 'ENFORCE_PASSWORD_CHECK' in Horizons configuration to
+ display an Admin Password field on the Change Password form to verify that
+ it is indeed the admin logged-in who wants to change the password.
+ - Enable management of 'DISABLE_PASSWORD_REVEAL' in Horizon, to remove the
+ password reveal option.
+ - Enable 'SECURE_PROXY_SSL_HEADER' option in Horizons configuration to take
+ X-Forwarded-Proto header into account when forming URLs.
+ - Enable management of ENFORCE_PASSWORD_CHECK value. By setting
+ 'ENFORCE_PASSWORD_CHECK' to 'True' within Horizons local_settings.py, it
+ displays an ‘Admin Password’ field on the “Change Password” form to verify
+ that it is the admin logged-in that wants to perform the password change.
+ - Enable management of Horizons Password Validation. Enables injection of an
+ operators own password validation regex via a heat template.
+ - Enable management of '/etc/issue Banner' whereby an operator can populate
+ their own Banner warning text to be displayed upon terminal login.
+ - Enable management of auditd system. '/etc/audit/audit.rules' can now be
+ populated by means of a heat template.
+fixes:
+ - Fixes `bug 1645898
+ <https://bugs.launchpad.net/tripleo/+bug/1645898>`__ so epmd is binded on
+ the right address, where RabbitMQ is listening too.
+ - Fixes `bug 1652184
+ <https://bugs.launchpad.net/tripleo/+bug/1652184>`__ so swap partitions
+ can be handled from an environment file thanks to AllNodesExtraConfig.
+ - Add retry to RHEL registration, useful when having network outages during
+ registration.
+ - Fixes `bug 1651476
+ <https://bugs.launchpad.net/tripleo/+bug/1651476>`__ so firewall rules
+ are created for Opendaylight API service.
+ - Fixes `bug 1643487
+ <https://bugs.launchpad.net/tripleo/+bug/1643487>`__ to prevent source
+ address from binding to a VIP for database connection.
+ - Fixes `bug 1649836
+ <https://bugs.launchpad.net/tripleo/+bug/1649836>`__ to configure
+ DPDK options to isolate PMD cores and ovs process cores.
+ - Fixes `bug 1662344
+ <https://bugs.launchpad.net/tripleo/+bug/1662344>`__ by stopping
+ to set bind_address on nova db uri.
+ This reverts the changes in https://review.openstack.org/414629 for nova as
+ they are incompatible with cell_v2.
+ This is a temporary fix for HA while a long-term solution is developed.
diff --git a/releasenotes/notes/composable-ha-37e2d7e1f57f5c10.yaml b/releasenotes/notes/composable-ha-37e2d7e1f57f5c10.yaml
new file mode 100644
index 00000000..e560fe95
--- /dev/null
+++ b/releasenotes/notes/composable-ha-37e2d7e1f57f5c10.yaml
@@ -0,0 +1,12 @@
+---
+features:
+ - With the composable HA work landed it is now possible
+ to split pacemaker-managed services like galera, rabbit,
+ redis, haproxy and any A/P resource, off to dedicated
+ nodes. These services can be split off to separate nodes
+ either via the normal Pacemaker service (which has a limit
+ of 16 maximum number of nodes) or via the newer PacemakerRemote
+ service (but not both on the same node). Note that until
+ https://bugzilla.redhat.com/show_bug.cgi?id=1417936 is fixed,
+ PacemakerRemote should only be used for Cinder A/P resources
+ and Manila A/P resources.
diff --git a/releasenotes/notes/composable-upgrades-d9ec7c634365e8e0.yaml b/releasenotes/notes/composable-upgrades-d9ec7c634365e8e0.yaml
new file mode 100644
index 00000000..55062b04
--- /dev/null
+++ b/releasenotes/notes/composable-upgrades-d9ec7c634365e8e0.yaml
@@ -0,0 +1,14 @@
+---
+features:
+ - |
+ Composable service plugins now support two additional sections,
+ upgrade_tasks and upgrade_batch_tasks. These can be used by service
+ template authors to define the required behavior on upgrade as ansible
+ tasks, for both upgrades that require downtime, and rolling upgrades.
+ See puppet/services/README.rst for more details.
+upgrade:
+ - |
+ Please refer to tripleo-docs for full details on the upgrade workflow
+ required for Newton to Ocata upgrades, as it's possible some steps are
+ different to previous releases:
+ http://docs.openstack.org/developer/tripleo-docs/post_deployment/upgrade.html
diff --git a/releasenotes/notes/deployed-servers-fd47f18204cea105.yaml b/releasenotes/notes/deployed-servers-fd47f18204cea105.yaml
new file mode 100644
index 00000000..d05b268c
--- /dev/null
+++ b/releasenotes/notes/deployed-servers-fd47f18204cea105.yaml
@@ -0,0 +1,8 @@
+---
+features:
+ - It is now possible to deploy with tripleo-heat-templates using servers that
+ are already provisioned with an operating system, and not necessarily
+ provisioned with Nova and Ironic. This feature is enabled by making use of
+ the environments/deployed-server-environment.yaml environment file. For
+ more information, see
+ http://docs.openstack.org/developer/tripleo-docs/advanced_deployment/deployed_server.html
diff --git a/releasenotes/notes/ha-by-default-55326e699ee8602c.yaml b/releasenotes/notes/ha-by-default-55326e699ee8602c.yaml
new file mode 100644
index 00000000..edcc1250
--- /dev/null
+++ b/releasenotes/notes/ha-by-default-55326e699ee8602c.yaml
@@ -0,0 +1,5 @@
+---
+deprecations:
+ - The environments/puppet-pacemaker.yaml file is now deprecated and the HA
+ deployment is now the default. In order to get the non-HA deployment use
+ environments/nonha-arch.yaml explicitly.
diff --git a/releasenotes/notes/ironic-cleaning-network-1e06881df0402221.yaml b/releasenotes/notes/ironic-cleaning-network-1e06881df0402221.yaml
new file mode 100644
index 00000000..72601f9e
--- /dev/null
+++ b/releasenotes/notes/ironic-cleaning-network-1e06881df0402221.yaml
@@ -0,0 +1,10 @@
+---
+features:
+ - |
+ New parameter "IronicCleaningNetwork" can be used to override the name
+ or UUID of the **overcloud** network Ironic uses for cleaning.
+fixes:
+ - |
+ A default value is now provided for Ironic ``cleaning_network``
+ configuration option. Not providing it on start up was deprecated since
+ Newton, and will result in a failure in the near future.
diff --git a/releasenotes/notes/keystone_internal-53cc7b24ebdd9df4.yaml b/releasenotes/notes/keystone_internal-53cc7b24ebdd9df4.yaml
new file mode 100644
index 00000000..1f41073b
--- /dev/null
+++ b/releasenotes/notes/keystone_internal-53cc7b24ebdd9df4.yaml
@@ -0,0 +1,9 @@
+---
+other:
+ - |
+ Use Keystone internal endpoint instead of admin for services.
+ The admin endpoint is listening on the ctlplane network by default;
+ services should ideally be using the internal api network for this kind
+ of traffic, as the ctlplane network is mostly for provisioning. On the
+ other hand, the admin endpoint shouldn't be as relevant with services
+ switching to keystone v3.
diff --git a/releasenotes/notes/memcached-max-memory-ef6834d17953fca6.yaml b/releasenotes/notes/memcached-max-memory-ef6834d17953fca6.yaml
new file mode 100644
index 00000000..c14cefa0
--- /dev/null
+++ b/releasenotes/notes/memcached-max-memory-ef6834d17953fca6.yaml
@@ -0,0 +1,7 @@
+---
+features:
+ - |
+ Memcached max memory configuration is now exposed va MemcachedMaxMemory.
+upgrade:
+ - |
+ Reduce the default memory configuration for memcached from 95% to 50%.
diff --git a/releasenotes/notes/octavia-service-integration-03bd3eb6cfe1efaf.yaml b/releasenotes/notes/octavia-service-integration-03bd3eb6cfe1efaf.yaml
new file mode 100644
index 00000000..bd8d3562
--- /dev/null
+++ b/releasenotes/notes/octavia-service-integration-03bd3eb6cfe1efaf.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - |
+ Added initial support for deploying the Octavia services in the overcloud.
diff --git a/releasenotes/notes/puppet-auditd-6504295e8c6c7a3b.yaml b/releasenotes/notes/puppet-auditd-6504295e8c6c7a3b.yaml
new file mode 100644
index 00000000..1949e4fe
--- /dev/null
+++ b/releasenotes/notes/puppet-auditd-6504295e8c6c7a3b.yaml
@@ -0,0 +1,9 @@
+---
+features:
+ - |
+ Adds the ability to manage auditd.service and enter audit.rules via tripleo
+ heat templates. This in turn enforces an audit log of system events, such
+ as system time changes, modifications to Discretionary Access Controls,
+ Failed login attempts.
+
+
diff --git a/roles_data.yaml b/roles_data.yaml
index d6c03cb9..31b12986 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -17,6 +17,10 @@
# disable_constraints: (boolean) optional, whether to disable Nova and Glance
# constraints for each role specified in the templates.
#
+# upgrade_batch_size: (number): batch size for upgrades where tasks are
+# specified by services to run in batches vs all nodes at once.
+# This defaults to 1, but larger batches may be specified here.
+#
# ServicesDefault: (list) optional default list of services to be deployed
# on the role, defaults to an empty list. Sets the default for the
# {{role.name}}Services parameter in overcloud.yaml
@@ -28,11 +32,13 @@
- OS::TripleO::Services::CephMds
- OS::TripleO::Services::CephMon
- OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::CephRbdMirror
- OS::TripleO::Services::CephRgw
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Congress
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
@@ -61,11 +67,13 @@
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::NovaConsoleauth
- OS::TripleO::Services::NovaVncProxy
+ - OS::TripleO::Services::Ec2Api
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::SwiftProxy
- OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::CeilometerApi
- OS::TripleO::Services::CeilometerCollector
@@ -97,17 +105,26 @@
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Collectd
- OS::TripleO::Services::BarbicanApi
- OS::TripleO::Services::PankoApi
+ - OS::TripleO::Services::Tacker
- OS::TripleO::Services::Zaqar
- OS::TripleO::Services::OVNDBs
- OS::TripleO::Services::NeutronML2FujitsuCfab
+ - OS::TripleO::Services::NeutronML2FujitsuFossw
- OS::TripleO::Services::CinderHPELeftHandISCSI
- OS::TripleO::Services::Etcd
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::OctaviaApi
+ - OS::TripleO::Services::OctaviaHealthManager
+ - OS::TripleO::Services::OctaviaHousekeeping
+ - OS::TripleO::Services::OctaviaWorker
- name: Compute
CountDefault: 1
HostnameFormatDefault: '%stackname%-novacompute-%index%'
+ disable_upgrade_deployment: True
ServicesDefault:
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephClient
@@ -115,6 +132,7 @@
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::Kernel
@@ -129,6 +147,8 @@
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::Collectd
- name: BlockStorage
ServicesDefault:
@@ -138,12 +158,16 @@
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::Collectd
- name: ObjectStorage
+ disable_upgrade_deployment: True
ServicesDefault:
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::Kernel
@@ -151,11 +175,14 @@
- OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::Collectd
- name: CephStorage
ServicesDefault:
@@ -164,8 +191,11 @@
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::Collectd
diff --git a/test-requirements.txt b/test-requirements.txt
index 06bce5a2..1c9e3b42 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -4,6 +4,6 @@
PyYAML>=3.10.0 # MIT
Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause)
six>=1.9.0 # MIT
-sphinx!=1.3b1,<1.4,>=1.2.1 # BSD
+sphinx>=1.5.1 # BSD
oslosphinx>=4.7.0 # Apache-2.0
reno>=1.8.0 # Apache-2.0
diff --git a/tools/process-templates.py b/tools/process-templates.py
index 9a06812b..1c8c4ba6 100755
--- a/tools/process-templates.py
+++ b/tools/process-templates.py
@@ -14,10 +14,13 @@
import argparse
import jinja2
import os
+import shutil
import six
import sys
import yaml
+__tht_root_dir = os.path.dirname(os.path.dirname(__file__))
+
def parse_opts(argv):
parser = argparse.ArgumentParser(
@@ -33,6 +36,9 @@ def parse_opts(argv):
action='store_true',
help="""Enable safe mode (do not overwrite files).""",
default=False)
+ parser.add_argument('-o', '--output-dir', metavar='OUTPUT_DIR',
+ help="""Output dir for all the templates""",
+ default='')
opts = parser.parse_args(argv[1:])
return opts
@@ -47,9 +53,14 @@ def _j2_render_to_file(j2_template, j2_data, outfile_name=None,
print('ERROR: path already exists for file: %s' % outfile_name)
sys.exit(1)
+ # Search for templates relative to the current template path first
+ template_base = os.path.dirname(yaml_f)
+ j2_loader = jinja2.loaders.FileSystemLoader([template_base, __tht_root_dir])
+
try:
# Render the j2 template
- template = jinja2.Environment().from_string(j2_template)
+ template = jinja2.Environment(loader=j2_loader).from_string(
+ j2_template)
r_template = template.render(**j2_data)
except jinja2.exceptions.TemplateError as ex:
error_msg = ("Error rendering template %s : %s"
@@ -60,7 +71,7 @@ def _j2_render_to_file(j2_template, j2_data, outfile_name=None,
out_f.write(r_template)
-def process_templates(template_path, role_data_path, overwrite):
+def process_templates(template_path, role_data_path, output_dir, overwrite):
with open(role_data_path) as role_data_file:
role_data = yaml.safe_load(role_data_file)
@@ -69,6 +80,11 @@ def process_templates(template_path, role_data_path, overwrite):
with open(j2_excludes_path) as role_data_file:
j2_excludes = yaml.safe_load(role_data_file)
+ if output_dir and not os.path.isdir(output_dir):
+ if os.path.exists(output_dir):
+ raise RuntimeError('Output dir %s is not a directory' % output_dir)
+ os.mkdir(output_dir)
+
role_names = [r.get('name') for r in role_data]
r_map = {}
for r in role_data:
@@ -78,6 +94,29 @@ def process_templates(template_path, role_data_path, overwrite):
if os.path.isdir(template_path):
for subdir, dirs, files in os.walk(template_path):
+
+ # NOTE(flaper87): Ignore hidden dirs as we don't
+ # generate templates for those.
+ # Note the slice assigment for `dirs` is necessary
+ # because we need to modify the *elements* in the
+ # dirs list rather than the reference to the list.
+ # This way we'll make sure os.walk will iterate over
+ # the shrunk list. os.walk doesn't have an API for
+ # filtering dirs at this point.
+ dirs[:] = [d for d in dirs if not d[0] == '.']
+ files = [f for f in files if not f[0] == '.']
+
+ # NOTE(flaper87): We could have used shutil.copytree
+ # but it requires the dst dir to not be present. This
+ # approach is safer as it doesn't require us to delete
+ # the output_dir in advance and it allows for running
+ # the command multiple times with the same output_dir.
+ out_dir = subdir
+ if output_dir:
+ out_dir = os.path.join(output_dir, subdir)
+ if not os.path.exists(out_dir):
+ os.mkdir(out_dir)
+
for f in files:
file_path = os.path.join(subdir, f)
# We do two templating passes here:
@@ -101,7 +140,7 @@ def process_templates(template_path, role_data_path, overwrite):
[role.lower(),
os.path.basename(f).replace('.role.j2.yaml',
'.yaml')])
- out_f_path = os.path.join(subdir, out_f)
+ out_f_path = os.path.join(out_dir, out_f)
if not (out_f_path in excl_templates):
_j2_render_to_file(template_data, j2_data,
out_f_path, overwrite)
@@ -112,9 +151,12 @@ def process_templates(template_path, role_data_path, overwrite):
with open(file_path) as j2_template:
template_data = j2_template.read()
j2_data = {'roles': role_data}
- out_f = file_path.replace('.j2.yaml', '.yaml')
- _j2_render_to_file(template_data, j2_data, out_f,
+ out_f = os.path.basename(f).replace('.j2.yaml', '.yaml')
+ out_f_path = os.path.join(out_dir, out_f)
+ _j2_render_to_file(template_data, j2_data, out_f_path,
overwrite)
+ elif output_dir:
+ shutil.copy(os.path.join(subdir, f), out_dir)
else:
print('Unexpected argument %s' % template_path)
@@ -123,4 +165,4 @@ opts = parse_opts(sys.argv)
role_data_path = os.path.join(opts.base_path, opts.roles_data)
-process_templates(opts.base_path, role_data_path, (not opts.safe))
+process_templates(opts.base_path, role_data_path, opts.output_dir, (not opts.safe))
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py
index 63e3ce51..0eacbc60 100755
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@@ -66,7 +66,10 @@ def validate_mysql_connection(settings):
def validate_mysql_uri(key, items):
# Only consider a connection if it targets mysql
- if key.endswith('connection') and \
+ # TODO(owalsh): skip nova mysql uris,temporary workaround for
+ # tripleo/+bug/1662344
+ if not key.startswith('nova') and \
+ key.endswith('connection') and \
search(items, mysql_protocol, no_op):
# Assume the "bind_address" option is one of
# the token that made up the uri
@@ -94,10 +97,6 @@ def validate_mysql_connection(settings):
def validate_service(filename, tpl):
- if 'heat_template_version' in tpl and not str(tpl['heat_template_version']).isalpha():
- print('ERROR: heat_template_version needs to be the release alias not a date: %s'
- % filename)
- return 1
if 'outputs' in tpl and 'role_data' in tpl['outputs']:
if 'value' not in tpl['outputs']['role_data']:
print('ERROR: invalid role_data for filename: %s'
@@ -135,6 +134,13 @@ def validate(filename):
try:
tpl = yaml.load(open(filename).read())
+ # The template alias version should be used instead a date, this validation
+ # will be applied to all templates not just for those in the services folder.
+ if 'heat_template_version' in tpl and not str(tpl['heat_template_version']).isalpha():
+ print('ERROR: heat_template_version needs to be the release alias not a date: %s'
+ % filename)
+ return 1
+
if (filename.startswith('./puppet/services/') and
filename != './puppet/services/services.yaml'):
retval = validate_service(filename, tpl)
@@ -196,8 +202,8 @@ if base_endpoint_map and \
matches = validate_endpoint_map(base_endpoint_map,
env_endpoint_map['map'])
if not matches:
- print("ERROR: %s doesn't match base endpoint map" %
- env_endpoint_map['file'])
+ print("ERROR: %s needs to be updated to match changes in base "
+ "endpoint map" % env_endpoint_map['file'])
failed_files.append(env_endpoint_map['file'])
exit_val |= 1
else:
diff --git a/tox.ini b/tox.ini
index 969f21d4..3796a546 100644
--- a/tox.ini
+++ b/tox.ini
@@ -13,6 +13,7 @@ commands = {posargs}
[testenv:pep8]
commands =
python ./tools/process-templates.py
+ python ./network/endpoints/build_endpoint_map.py --check
python ./tools/yaml-validate.py .
[testenv:templates]